Global Risk Report: Cyberattacks Rank As A Growing Global Threat
The Internet has changed the way we live, for better and for worse. As the world has become smaller thanks to new technology, it has become necessary to assess new risks and identify ways to respond to them.
To better understand evolving risks, the World Economic Forum recently sponsored its 11th annual Global Risks Report. The 103-page report is based on the annual Global Risks Perception Survey, completed by nearly 750 members of the World Economic Forum. The members come from academia, business, the public sector and civil society, spanning various geographies and areas of expertise.
The preface by Klaus Schwab, founder and executive chairman of the World Economic Forum, states that advances in rapid digitization and technology are transforming societies, which is sometimes referred to as the Fourth Industrial Revolution. While this presents great opportunities, it also involves risks related to rising cyber dependence, along with changing employment patterns and widening income inequality.
The survey asked respondents to consider 29 global risks over a 10-year period and rate them according to perceived likelihood of occurring and what impact they would have. The most impactful risk cited was the failure of climate change mitigation and adaptation, followed by weapons of mass destruction and water crises.
Cyber Attacks Rise
Cyber attacks were cited among global risks that remain serious, along with fiscal crises in key economies, high unemployment and social instability. There are five risk categories covered: economic, environmental, geopolitical, societal and technological.
Cyber attacks are cited as the greatest risk in North America, followed by extreme weather events and data fraud and theft. North America is the only continent where technological attacks – cyber attacks and data fraud and theft – are predicted.
Major risks in other regions include involuntary migration, water crisis, energy price shocks, internal conflict, failure of national governance and profound social instability.
The technological risks cited in the report include adverse consequences of technological progress, a breakdown of information infrastructure, major cyber attacks and massive data fraud and theft.
Critical information infrastructure breakdown is cited as one of the 10 most challenging global risks. The leading global risks are a failure of climate change mitigation and large-scale, involuntary migration.
While there is hope that emerging technology will improve productivity, the spread of technologies is giving rise to individual innovations and disrupting business models. Internet-related technologies like automation of knowledge work, the Internet of Things, the mobile Internet and cloud technology will be the most disruptive. But the failure to understand and address risks related to technology could impact national economies, especially the cascading effects of cyber risks.
Cyber attacks have emerged as the most likely and potentially most serious risks for the last two to three years in North America. Incidents have increased both in scale and frequency.
To date, most cyber attacks have been isolated, focused on a single nation or entity. But the Internet of Things will lead to more connections between machines and people. This rising interaction will lead to cyber dependency, which survey respondents cited as one of the most important global trends. This dependency will raise the odds of a cyber attack.
In the U.S. and Canada, the two risks cited as the highest concern for doing business are cyber attacks and asset bubbles. Cyber attack is the top U.S. risk, followed by data fraud and theft. The risks related to the Internet and cyber dependency are regarded as the highest concerns for doing business.
Cyber Attackers Target Businesses
Public and private services are becoming more vulnerable to cyber attack. Cyber attack includes cyber crime, espionage and state-sponsored exploits. The attacks are increasingly made against businesses. Cyber crime alone cost the global economy $4.45 billion in 2014. Companies in all industries and sizes have been impacted. Consequences have ranged from reputational to legal and economic.
Cyber attack is viewed as the risk of greatest concern to eight economies: The U.S., Germany, Japan, Estonia, the Netherlands, Malaysia, Singapore and Switzerland. In two countries, public sector organizations have suffered cyber attacks: The U.S. Office of Personnel Management and the Japanese Pension Service.
Efforts to address and detect attacks are challenged by their evolving nature. Perpetrators constantly find new ways to execute attacks. Companies trying to match this speed in developing prevention and response are often held back by a weak understanding of the risk, inadequate security capabilities and lack of technical ability.
The responsibility of these attacks is unclear to many CEOs. It is uncertain who within an organization actually owns such a risk. There are many “C” level owners, but each has a different interest and often the players do not cooperate. Defining roles for cyber risks is crucial.
Outdated laws undermine governments’ ability to capture cyber criminals and expedite effective legal and regulatory frameworks.
Also read: Cyber warfare: the new arms race
Government-Sponsored Attacks Rise
The threats of government-sponsored espionage surpass the defensive capabilities of many businesses. Companies are accepting the fact that they cannot hope to prevent all cyber attacks. Preventing these attacks is just as hard as identifying and mitigating them. Many attacks are not immediately discovered.
An emphasis is needed on streamlining mechanisms for early detection, response and recovery, and to better manage the consequences.
Cyber crime cannot be fought unilaterally. While companies can follow standard practices or adopt tailored ways to address it, cooperation throughout the value chain with law enforcement is needed. One reason is that attacks can be made through supplier systems.
Public-private partnerships are often difficult due to lack of trust and misaligned incentives. Businesses fear exposing data and practices to competitors and law enforcement.
Governments need to balance their investments in cyber offensive weapons to enhance capabilities for cyber security.
The growing interdependence between machines and people can diminish organizations’ ability to protect their enterprises. Organizations may not fully understand cyber security risks. Particular focus is needed in mobile Internet and machine-to-machine connections. It is important to integrate physical and cyber management.
Regulatory Structures Must Adapt
Another important concern is the growing exchange of data between countries and stakeholders. The current regulatory framework is underdeveloped and lacks the needed legal certainty in transparency, encryption control, privacy, intellectual property, and the impact of proprietary data on competition.
Technology also plays a role in international security. Daesh, also known as Islamic State in Syria, has recruited fighters from more than 100 countries partly by using social media.
While new technology is creating new tools for international security, such as improved capacity to 3D-print weapons from digital templates, technologies are creating new uses not immediately apparent. In addition, innovation typically outpaces regulatory oversight. Advances in robotics, nanotechnology, genome sequencing and artificial intelligence could destabilize world security.
In the Fourth Industrial Revolution, small groups and individuals can inflict large-scale damage.
A New Warfare Frontier
The Internet has opened a new warfare frontier. The “darknet” allows criminals and terrorists to trade. Future conflicts will contain a cyber element.
The sea and outer space are likely to become more militarized as both private and public entities have gained the ability to establish satellites or mobilize underwater vehicles that can disrupt fiber-optic cables and satellite traffic. Criminals are already using off-the-shelf drones. Autonomous weapons capable of identifying targets will become more feasible and possibly change the laws of war.
Terrorist and criminal groups will exploit this security deficit and leverage new technologies against security forces. States may choose to double down on security issues and disengage from multilateral collaboration, undermining the effectiveness of global institutions. In some areas, the lines blur between states and violent non-state actors. The area between South America and Mexico, Iraq and the Levant and parts of West Central Africa are areas pressured by civil wars, extremism, crime and humanitarian crises.
To establish order, effective regional powers may emerge. New forms of cooperation could assume roles of trade, finance, security and the Internet. In such a scenario, cyberspace becomes neither global nor open. States will have to exert control over the Internet, building proprietary capabilities in data storage, and infrastructure.
Images from Shutterstock and WEC.