Cybersecurity has been ranked as the second biggest global risk in a major new survey of 23,000 experts and members of the public.
The AXA Future Risks Report was produced in partnership with the IPSOS research institute and geopolitical analysis consultancy Eurasia Group. Its findings were compiled from interviews with over 3400 experts in underwriting and risk management, plus a survey of 19,000 members of the public.
Cyber came second only to climate change on the global stage but was rated a number one risk in the Americas and second in Asia, Africa and Europe.
The percentage of experts ranking it among their top five risks increased significantly from 51% last year to 61% in 2021, with only a quarter (26%) believing that governments are prepared for cybersecurity risks — a figure unchanged since 2019.
When asked why they elevated the risk level for cyber, experts pointed to the “shutdown of essential services and critical infrastructure” (47%) and “cyber extortion and ransomware” (21%) as key factors.
Interestingly, the report found that public awareness of these threats is less acute and more focused on identity theft and privacy issues.
AXA predicted the number of “significant cyber incidents” in 2021 would hit an all-time high of 144, versus just 26 a decade ago and only one back in 2003. However, it was unclear what qualified as “significant.”
The report argued that the surge in serious events has increased the urgency to “clarify the roles of the state and insurers in helping to secure vital economic functions.” It added that greater public-private cooperation was needed to improve protections for essential public services.
The prospect of established global rules to govern cyberspace is as distant as ever, AXA claimed.
“Ideally, a mix of punitive actions and diplomacy would establish norms for governments to keep cyber-espionage within limits, and not tolerate ransomware gangs operating from their territory,” it argued.
“Espionage will likely continue, since states have strong incentives to try to gain surreptitious access to their adversaries’ networks and a growing market in hacking-for-hire services is bringing advanced hacking tools into the reach of more state actors.”
In the future, insurers, governments and multi-national organizations must work together more closely to define what constitutes cyber-related acts of war, the report concluded. It pointed out that this is because it gets increasingly difficult to differentiate and categorize various incidents.
Insurers traditionally don’t cover acts of war, which has led to expensive lawsuits in the past over these definitions.
In a World Economic Forum (WEF) report, cyber-attacks fell from second to fourth between 2019 and 2020 in terms of top global business risks. However, they were ranked first in North America and the UK and second in Europe.