Cybersecurity was once again identified as a major short and medium-term threat to the world in this year’s World Economic Forum’s (WEF’s) The Global Risk Report. The analysis was based on insights from nearly 1000 global experts and leaders who responded to the WEF’s Global Risks Perception Survey (GRPS).
Perhaps unsurprisingly, environmental issues like climate action failure and extreme weather ranked highest on the risks facing the world over the short (0-2 years), medium (2-5 years) and long-term (5-10 years). In addition, a number of challenges exacerbated by the pandemic, such as livelihood crises, infectious diseases and mental health deterioration, also scored highly. Overall, this added up to a pessimistic assessment, with 84.2% of respondents stating they were either “worried” or “concerned” about the global outlook.
Digital challenges, such as “cybersecurity failures,” were also viewed as a significant and growing problem to the world. Nearly one in five (19.5%) respondents believe cybersecurity failures will be a critical threat to the world in just the next 0-2 years, and 14.6% said it would be in 2-5 years.
Interestingly, cybersecurity failures didn’t score as highly as a long-term risk. Reflecting on this, the report stated: “This suggests lower relevance to respondents – or a blind spot in perceptions given the potential damage of cyber-risks – compared to economic, societal and environmental concerns.”
Cybersecurity failures also ranked seventh (12.4%) in the risks that have worsened since the start of COVID-19, reflecting how increased reliance on digital technologies has created more opportunities for cyber-threat actors to strike.
During a WEF press conference launching the report, Carolina Klint, risk management leader, Continental Europe, of Marsh, highlighted cybersecurity as a particularly grave business threat. She noted that the intensification of attacks over recent years means “that cyber-threats are now growing faster than our ability to prevent and manage them effectively.”
The pandemic has offered new opportunities for cyber-criminals to strike, with businesses forced to digitize and adopt new automation technologies rapidly. “Too often this has been built on the back of aging technology, which has led to supply chain disruption and greater exposure to cyber-attacks,” added Klint.
She also noted that the financial costs of cyber-attacks, such as ransomware, have surged in recent years. For example, the report cited data showing a four-fold rise in the total cryptocurrency value received by ransomware addresses last year, reaching $406.34m. In addition, Klint observed that “in 2021, we saw the highest average cost of a data breach in almost two decades.”
Overall, Klint identified four main cyber-risks that need to be tackled over the coming years. These are critical infrastructure failures, an increasingly aggressive regulatory environment, unprecedented identity theft and the failure to execute digital transformation effectively. She warned: “Companies soon won’t be able to claim good ESG credentials without addressing these key areas.”
To address these cyber challenges and more, companies must enhance their resiliency, “which is a journey, not a destination.” These efforts must not only focus on their own internal assets, “but also the vulnerabilities of those in their supply chain.”
In the GRPS survey, the respondents had a dim view of current cyber-threat mitigation efforts. Close to three-quarters (73%) said international risk mitigation efforts in the area of cross-border cyber-attacks and misinformation had either not started or are in early development. The Global Risk Report warned of severe consequences if international cooperation in this area is not improved. This includes the potential for open cyber warfare as governments continue to retaliate against perpetrators and growing “mistrust between societies, business and government.”