“Cybersecurity failure” was identified as a critical short-and-medium-term threat to the world by respondents of the World Economic Forum’s Global Risks Perception Survey (GRPS).
GRPS respondents rank “cybersecurity failure” among the top-10 risks that have worsened most since the start of the COVID-19 crisis, said the report, explaining that the rapid digitalization in advanced economies during the pandemic has also led to more intense cyber vulnerabilities, “as new technologies and an ever-expanding attack surface enable a more dangerous and diverse range of cyber crimes.”
“GRPS respondents believe ‘cybersecurity failure’ will continue to test the world’s digital systems over the next two years and, to a lesser extent, in three to five years,” said the report. (See related WEF graphics in this article that detail the top short-, medium- and long-term risks identified by respondents).
Malware attacks increased by 358 percent in 2020, while ransomware increased 435 percent, with a fourfold rise in the total cryptocurrency value received by ransomware addresses, said the WEF’s “Global Risks Report 2022, 17th Edition,” which details the results of the survey.
Cyber attacks have intensified over the last two years, which “means that cyber threats are now growing faster than our ability to prevent and manage them effectively,” said Carolina Klint, risk management leader, Continental Europe, Marsh, who spoke during a virtual press conference to discuss the survey. (The WEF’s partners in the report’s development are Marsh McLennan, SK Group and Zurich Insurance Group.)
“Companies trying to survive the pandemic have been under more pressure than ever to digitize and automate. But too often, this has been built on the backbone of aging technology, which has led to supply chain disruptions and greater exposure to cyber attacks, and especially ransomware,” Klint added.
Given the rising costs of cyber attacks, cyber insurance prices are going up, she said, pointing to the U.S. example where prices rose by 96 percent in the third quarter of 2021.
This was the most significant price hike since 2015 and a 204% year-over-year price increase, said the report, quoting statistics from Marsh. “Respondents to the GRPS indicate a long-term concern with these developments, with ‘adverse tech advances’ appearing as a top-10 risk over a 5-to-10-year horizon,” the report confirmed.
“There are plenty of cyber risks that keep the C-suite up at night, but there are four that I want to point out that need to be tackled: critical infrastructure failures, an increasingly aggressive regulatory environment, unprecedented identity theft and failing to execute digital transformation effectively,” said Klint.
She emphasized that companies soon won’t be able to claim good environmental, social and governance (ESG) credentials without addressing these key areas.
“As companies recover from the pandemic, they are rightly sharpening their focus on organizational resilience and ESG credentials,” said Klint in a statement accompanying the report. However, she added, it is clear that “neither resilience nor governance are possible without credible and sophisticated cyber risk management plans.”
“Businesses that fail to demonstrate strong corporate governance around cybersecurity—such as by implementing robust systems and process oversight protocols, and by practicing accountability and transparency in the event of a breach—could suffer reputational harm in the eyes of ESG-focused investors,” the report cautioned.
Another problem highlighted by the report is that businesses operate in a world in which 95 percent of cybersecurity issues can be traced to human error, and where insider threats (intentional or accidental) represent 43 percent of all breaches.
Undersupply of Cyber Professionals
The report noted that already-stretched IT and cybersecurity professionals are under increasing pressure, “not only because of the expansion of remote work but also because of the growing complexity of regulations for data and privacy, even though such regulations are critical to ensuring public trust in digital systems.”
In fact, there is an undersupply of cyber professionals who can provide cyber leadership, test and secure systems, and train people in digital hygiene, said the report, pointing to a worldwide employment gap of more than 3 million cybersecurity experts.
“As with other key commodities, a continued lack of cybersecurity professionals could ultimately hamper economic growth, although new initiatives to ‘democratize’ cybersecurity, for example, by providing free cybersecurity risk management tools, could help fill some of the gaps for small businesses or other institutions,” the report continued.
While governments are attempting to prevent cybersecurity breaches, “patchwork enforcement mechanisms across jurisdictions continue to hamper efforts to control cyber crime,” the WEF report said. “Geopolitical rifts hinder potential cross-border collaboration, with some governments unwilling or unable to regulate cyber intrusions that originate inside and impact outside their borders.”
In addition to cybersecurity failures, the survey revealed another technological risk—digital inequality—that is viewed by survey respondents as a critical short- and medium-term threat to the world.
“You are starting to see a lot of concern around this sort of fissure that’s developed with 3 billion people that still do not have access to the Internet and do not have one major source of earning an income available to them,” said Saadia Zahidi, managing director at WEF, who also spoke at the press conference. Zahidi’s team put together the report.
The report noted that concerns over cybersecurity could further hamper attempts to promote rapid and inclusive digitalization globally.
However, these technological risks fall back in rankings for the long term (over the next decade), and none appear among the most potentially severe, which suggests lower relevance to respondents, said the report, which suggested that this signals a “possible blind spot in risk perceptions” given the damage that is possible from cyber attacks.
The Global Risks Perception Survey (GRPS), which underpins the Global Risks Report, gathered insights from nearly 1,000 academic, business, government, civil society and thought leaders. In addition, this year’s report draws on the views of over 12,000 country-level leaders in 124 countries who identified critical short-term risks, gathered through the World Economic Forum’s Executive Opinion Survey (EOS). Survey responses were collected from Sept. 8 to Oct. 12, 2021.
Additional coverage of the WEF report and the press conference will be published in the coming days, including articles on emerging, climate change and societal risks.