The World Economic Forum has released its annual global risk report, and the results are fodder for every chronic worrier out there in the cybersecurity field.
The 103-page report called out threats to cybersecurity as a significant global risk for the third year in a row. Though ranking below more existential threats such as climate change (the number one risk), weapons of mass destruction, and water crises, cyber threats are still considered significant due to the increasing “cyber dependency” of the world’s population.
“Cases [of cyber attack] have been rising in both frequency and scale,” the report authors write. “They have so far been isolated, concerning mostly a single entity or country, but as the Internet of Things leads to more connections between people and machines, cyber dependency—considered by survey respondents as the third most important global trend—will increase, raising the odds of a cyberattack with potential cascading effects across the cyber ecosystem” (emphasis added).
Cyber Threats Top Worry in U.S.
The global risk report devoted an entire section to threats to doing business, as reported by 140 world economies surveyed. Here are some key takeaways:
- The U.S. ranked cyber attacks as the most significant threat to doing business (out of 29 global risks included in the report). Seven other economies also listed cyber attacks at the top of their lists.
- Half of the 140 economies listed cyber attacks as one of their top-six most significant threats
- 18 out of 140 economies ranked cyber attacks in their top-three most significant global risks.
Interestingly, risk of cyber attacks proved more worrisome than terrorism to those U.S. experts and officials surveyed (terrorism ranked third for the U.S., in fact). Though perhaps it’s not so surprising, as the report noted that the U.S. ranks second globally for online business-to-consumer transactions.
Put simply: U.S. businesses have a great deal to lose from cyber attacks.
Interconnectedness: A Double-Edged Sword
A major potential cause of cyber attacks? Our increasingly connected world. A prominent theme noted by the report is that the interconnectedness of systems is both a blessing and a curse:
“The Internet of Things is a growing reality, introducing new efficiencies as well as new vulnerabilities and interconnected consequences. Recent technological advances have been beneficial in many respects, but have also opened the door to a growing wave of cyberattacks – including economic espionage, cybercrime, and even state-sponsored exploits – that are increasingly perpetrated against businesses.”
Just as the effects of climate change will impact migration patterns, food supplies, and ultimately entire economies, cyber attacks will have the potential to wreak growing havoc across the expanding Internet of Things. No cyber attack happens in a vacuum.
Not All Bad
But enough of the doom and gloom—there is, after all a bright side. While interconnectedness is a source of cyber threats, it can also be part of the cure. Again, from the report:
“All parts of an organization must collaborate transparently on risk management through integrated planning because of the potential for risks to have cascading consequences, including spillovers between the virtual and physical realms.”
Thus interconnectedness can improve our ability to identify and respond to cyber threats, and encourage the kind of collaboration that leads to resilient organizations with a risk-aware culture. As the report notes in a section on resilience to large-scale disasters, collaboration between parts of an organization is crucial to being risk aware. In other words: risk-awareness should link all sectors of an organization.
A Risk-Aware Culture
Risk-awareness permeating an entire culture is one of the main goals of a robust and effective cybersecurity awareness program. While no awareness program can fully prevent cyber attacks, the organization-wide knowledge provided by a good program equips everyone involved with the tools to recognize the risks that are out there.
So for all those cybersecurity chronic worriers reading this, reports like these are not necessarily something to fill you with fear (though fear can sometimes be useful). Their true usefulness arises when they’re used as roadmaps to a more secure and risk-aware organization.
Norman Shaw, CEO and founder of cybersecurity firm ExactTrak, put it succinctly while speaking to SC Magazine about the global risk report:
“More awareness of how serious the problem of cyber-security is can only be a good thing,” Shaw said.
We couldn’t agree more.