Cyber-attacks are the number one business risk in the regions of Europe, North America and East Asia and the Pacific, according to a major new study from the World Economic Forum (WEF).
Its Regional Risks for Doing Business report highlights the opinions of 12,000 executives from across the globe.
While “unemployment or underemployment” and “failure of national governance” take first and second place respectively, cyber threats have moved from eighth in last year’s report to fifth this year.
It tended to be viewed as a greater risk in more advanced economies: 19 countries from Europe and North America plus India, Indonesia, Japan, Singapore and the United Arab Emirates ranked it as number one.
In Europe, the UK and Germany both placed cyber-attacks as the number one risk.
Bromium’s EMEA CTO, Fraser Kyne, argued that businesses are still suffering despite spending an estimated $118bn on cybersecurity globally.
“When looking at the causes of breaches, it’s evident that email attachments, links and downloads are the most common methods used by hackers. Be it HR professionals opening infected CVs from unknown sources, or employees clicking links on malware-riddled social media sites on their lunch break, users provide hackers with an easy route to bypass security,” he added.
“These simple attack methods are still effective because the architecture cybersecurity is built on is fundamentally flawed, as it overwhelmingly relies on detecting these threats. We’re increasingly seeing zero-day and other polymorphic malware being used to evade detection. Even the more sophisticated detection-based tools that utilize machine learning, AI and behavioral analytics to identify anomalies and patterns can potentially struggle to determine what is good and what is bad – and are certainly never able to be 100% accurate.”
Mimecast cyber-resilience expert, Pete Banham, argued that attacks represent a clear risk to productivity and growth.
“New cyber-threats will continue to adapt to take advantage of weaknesses in systems and procedures, especially as global cloud computing vendors aggregate IT risks,” he said.
“Business continuity and cybersecurity are together now major boardroom issues. The only way to mitigate these new risks is to adopt a strategy of cyber-resilience that brings together threat protection, durability and recoverability.”