The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk, and cybersecurity risk management, are always changing. As a recent report by the World Economic Forum shows, businesses and other entities should know how to keep up with and measure cybersecurity risk. Both are important and ongoing aspects of keeping your digital assets secure.

The Threat of ‘Cybersecurity Failure’

In early January, the World Economic Forum (WEF) released its Global Risks Report 2021. In this report, built from a survey, 650 members of WEF’s leadership groups offered their perspective on global risks. Their responses helped illustrate some of the major sources of risk confronting the world going into the new decade.

One of those was ‘cybersecurity failure.’ In other words, defensive measures always lag behind threat actors and breaches. Members of the WEF see this failure as one of the highest-likelihood risks of the next decade. More than one-third (39%) said they regarded it as a ‘clear and present danger,’ meaning it will likely take effect over the next two years. About half (49%) expect it will also be an issue in the next three to five years.

Today’s Threats to Cybersecurity Risk Management

The reality is the world doesn’t need to wait for this failure. It’s already here, and one need not look far for proof.

Worldwide information security and cybersecurity risk management spending will grow 2.4% to reach $123.8 billion by the end of the year, Gartner predicted in June 2020. They projected one-third of that spending would go to security measures designed to support organizations’ cloud adoption efforts. The next highest investments are in technologies designed to secure organizations’ applications and data as many transitioned to a remote work model.

All of that spending didn’t prevent cybersecurity breaches, though. The FBI received 4,000 cyberattack-related complaints over the course of 2020, wrote the Associated Press. It also didn’t prevent a notable supply chain attack that hit U.S. federal departments, security firms and tech giants. Three in 10 victims weren’t even running the compromised software before they fell victim to the attackers. Attackers abused software flaws, guessed online passwords and took advantage of configuration issues in a popular cloud-based platform.

This shows how entities are linked together. Malicious actors used their diverse attack techniques to turn one compromise into tens of thousands. They understand what this means, which is why a Microsoft executive told ZDNet that there won’t just be more incidents like the supply chain attack going forward but that they will be “the norm.”

Dependence and Cybersecurity Risk Management

Entities aren’t completely powerless against cybersecurity breaches. On the contrary, you can use cybersecurity risk assessments on an ongoing basis to scan your networks for potential weak points. Use the findings to direct investments. Focus on strengthening your position with respect to vulnerability management, network monitoring and threat intelligence. The threats might change, but these and other defense basics will remain.

Recent attacks and the WEF’s report underscore the need for greater teamwork and mutual accountability among all parties when it comes to digital defense. Vendors and researchers can’t protect everyone on their own. They need to work together if they hope to manage the global risk of cybersecurity failure over the next five years and the years that follow.
