Email Security

    World Leaders See At Least 10 Years of Cyber Risk Ahead

    Cyber risk is forecast to keep increasing in the medium- and long-term, in reports issued at the World Economic Forum’s annual meeting in Davos.

    by Karen Lynch
    08BLOG_1.jpg

    Key Points

    • Looking out to 2033, global business and policy leaders predict no respite from cyberattacks.
    • Cyber insecurity made its debut this year among the Top 10 long-term global risks cited in the World Economic Forum's influential Global Risks Report.
    • Solutions to the problem remained in short supply among leaders gathered at WEF’s annual meeting in Davos.

    Business and public policy leaders from across the world indicate that cyber insecurity will be a leading global risk for at least the next 10 years.

    2023 marks the first year in which cyber risk has made the Top 10 list of long-term concerns in the World Economic Forum’s (WEF’s) annual Global Risks Report. Issued this week at WEF’s annual meeting in Davos, Switzerland, the new rating heralds the longevity of the current wave of cyberattacks.[1] “Widespread cybercrime and cyber insecurity” is listed as No. 8 on the list of risks ranked by severity, behind global issues related to climate change, natural disasters, and involuntary migration — but ahead of geoeconomic confrontations and incidents inflicting large-scale environmental damage.

    A second report issued in Davos underscores concerns that cyber risk could get worse before it gets better. Cyber risk ranks among the Top 5 threats cited by global CEOs over the next five years, in an annual global CEO survey by management consultancy PwC. This report shows that one in four top executives feel highly or extremely exposed to cyber risk in the medium term (five years). Fewer CEOs (one in five) feel this level of exposure to cyber risk over the short term (twelve months).[2] 

    The reports come as technological breakthroughs such as generative AI and quantum computing are expected to accelerate the current cyber arms race, pitting governments and industry against cybercriminals and nation-state actors. Generative AI can easily mimic humans in malicious emails, for example, or speed cybercriminals' code development,[3] while quantum computing is expected to obsolete much of today’s encryption technology.

    At the same time, other emerging technology trends such as the Internet of Things (IoT) and growing dependence on connected devices and networks are expanding the world’s vulnerability to attack, according to the State of the Connected World 2023, also issued in Davos.[4] Only 4% of IoT experts polled for this report express confidence that users of connected devices and related technologies are protected against cyberattacks. This kind of cyber insecurity is echoed in findings for Mimecast’s forthcoming State of Email Security 2023, in which nearly 80% of security professionals say they expect to suffer a negative impact to their business this year due to an email-borne cyberattack.

    Concerted Response Proves Illusive

    These new reports suggest that government and industry are long on risks but short on solutions. In WEF’s Global Risks Report, most policymakers and business leaders describe the current management of cyber risk as ineffective, highly ineffective, or of indeterminate effectiveness. In yet another report issued in Davos, a cybersecurity ratings organization gives grades of “C,” “D,” or “F” to nearly half the world’s critical manufacturers.[5]

    Discussions in Davos called for strengthening cross-border collaboration among public and private sector organizations to improve their response.[6] But in WEF’s Global Risks Report, businesses seem more concerned than policy makers about the impact of cyber risk in the near term. Specifically, business respondents surveyed for the report rank its severity at No. 4, while government respondents place it at No. 9. Both groups cite today’s cost-of-living crisis as the top priority for the next two years, but governments further de-prioritize cyber risk in relation to other near-term issues such as debt crises and price instability.

    This mismatch in priorities could pose a problem, since the report also reflects a consensus that governments are best situated to address the overall risk, whether at the local, national, bilateral, regional, or multilateral level. Tellingly, the report reveals a high level of concern about the ineffectiveness of multilateral institutions and international cooperation.

    Cyber Consequences

    One consequence of growing cyber risk is the breakdown of critical information infrastructure — itself coming in at No. 16 in the WEF Global Risks Report. Specifically, cyberattacks and other issues could lead to the “deterioration, overload, or shutdown of critical physical and digital infrastructure or services leading to the breakdown of Internet, cellular devices, public utilities, or satellites,” the report says.

    A worst-case scenario is illustrated by the war in Ukraine, where cyberattacks have aimed to shatter the very functioning of society. The conflict has included cyberattacks targeting communication services, financial websites, and electricity grids. 

    Ukraine’s cyber-siege could be a sign of risks to come elsewhere. “Alongside a rise in cybercrime, attempts to disrupt critical technology-enabled resources and services will become more common, with attacks anticipated against agriculture and water, financial systems, public security, transport, energy and domestic, space-based and undersea communication infrastructure,” the Global Risks Report says. Ultimately, the report adds, “the critical functioning of whole economies will only become more exposed with breakthroughs in dual-use [civilian and military] technologies, most notably quantum computing.”

    In the PwC survey, CEOs exposed to geopolitical risk say they are increasing cyber investments, adjusting supply chains, and changing their company’s global footprints.

    Tackling Global Cyber Risk

    Beyond calls for better risk identification, collaboration, and preparedness, the Davos output does not offer a cohesive roadmap for mitigating global cyber risk. However, some ideas that emerged include:

    • Stronger regulation and enforcement: The WEF Global Risks Report describes potentially replicable success in protecting data privacy, saying “severe fines for data loss are helping change the cost-benefit assessment around investment in cybersecurity measures.” Looking ahead, the report says, “The technology sector will be among the central targets of stronger industrial policies and enhanced state intervention.”
    • CEO leadership: As PwC’s report puts it: “CEOs have an important role to play to stay ahead of cyber challenges, ranging from speaking publicly about their commitment to cybersecurity, to using their influence to inspire sweeping changes, and creating a united front against attacks.” Within CEOs’ own companies, PwC suggests C-suite collaboration and sustained, cumulative investments in risk mitigation.
    • Proactive technological defenses: As described in the State of the Connected World report, “Many organizations still approach their cybersecurity reactively, with the bulk of efforts targeted at managing existing damage. Organizations and governments should focus on building a robust cybersecurity infrastructure from the design phase.”

    The Bottom Line

    Global leaders at the World Economic Forum’s annual meeting in Davos put cyber risk into long-term perspective, and the outlook is grim for at least the next decade. No clear roadmap emerged from the gathering to improve the situation, although some reports underscored the importance of regulation, business leadership, and technological defenses. What was clear, in WEF’s Global Risks Report, is this: “The way risks play out over the next two years has ramifications for the decade to come.”

    Find out more about the role of email, as the top vector for cyberattacks, in our forthcoming State of Email Security 2023 report.


     

    [1]Global Risks Report 2023,” World Economic Forum

    [2]PwC’s 26th Annual Global CEO Survey,” PwC

    [3]ChatGPT Artificial Intelligence: An Upcoming Cybersecurity Threat?” Dark Reading

    [4]State of the Connected World 2023 Edition,” World Economic Forum and the Council on the Connected World

    [5]Research Finds 48% of Global Critical Manufacturing At Significant Risk of Breach,” Security Scorecard

    [6]Davos Panelists Call for Cooperation Among Countries to Stave Off Cyber Threats,” Straits Times

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top