January 20, 2016 By Christophe Veltsos 3 min read

“The failure to understand and address risks related to technology, primarily the systemic cascading effects of cyber risks or the breakdown of critical information infrastructure, could have far-reaching consequences for national economies, economic sectors and global enterprises.” – World Economic Forum’s “The Global Risks Report 2016”

The World Economic Forum (WEF) published “The Global Risks Report 2016” on Jan. 14, 2016, a week before the annual iteration of its famed Davos conference, which begins today. Here are some of the key findings from the report as related to cyber risks and cyber resilience.

Cyber Risks Remain a Major Concern

The report provides ongoing evidence that cyber risks are top of mind for business leaders globally. This is not only evident in the number of countries that have selected cyber-related risks as one of their top concerns, but is also evident in the report’s phrasing of the cyber risk reality: “The internet has opened a new frontier in warfare: Everything is networked and anything networked can be hacked.”

One of the major findings of the report is that, for the U.S. market, the risk of cyberattacks was listed as the top risk. In accompanying press releases, the WEF indicated that the top risk for business leaders was cyberattacks in at least seven other countries, including Japan, Germany, Switzerland and Singapore.

Cyberattacks were also listed in the top five risks in 27 world economies. However, from a global risk perspective, cyberattacks are not featured on the top five global risks, whereas they were in fourth place in 2012 and in fifth place in 2014.

The report pointed to increasing dependency on cyber as an area of potential future risks: “Cases have been rising in both frequency and scale. They have so far been isolated, concerning mostly a single entity or country, but as the Internet of Things (IoT) leads to more connections between people and machines, cyber dependency — considered by survey respondents as the third most important global trend — will increase, raising the odds of a cyberattack with potential cascading effects across the cyber ecosystem. As a result, an entity’s risk is increasingly tied to that of other entities.”

IT’s Stature Is Increasing

The report warned that while organizations see the value that IT can bring, they “may not be fully internalizing cybersecurity risks and making the appropriate level of investment to enhance operational risk management and strengthen organizational resilience.” It further warned, “Every future conflict will have a cyber element, and some may be fought entirely in cyberspace.”

That prospect is daunting to those tasked with cybersecurity. “Given that attack is easier than defense in cyberspace, this will dramatically change how the entire security apparatus prepares for potential breaches. Physical distance no longer offers protection; many technologies are dual-use; much critical infrastructure is privately owned; and attacks are easy to disguise given the challenges of attribution.”

Finally, the report criticized the current state of ownership and collaboration around cyber risks within organizations. “Although CEOs worry about rising cyber risks, the ownership of and responsibility for the cyber risk is less clear,” the report stated. “Who in the corporation is the actual owner of the risk? While there are many C-level owners (CISO, CFO, CEO, CRO, Risk Management), each of these owners has differing but related interests and unfortunately often does not integrate risk or effectively collaborate on its management. Defining clear roles and responsibilities for cyber risk is crucial.”

The World Economic Forum Asks Companies to Get on Board

As far back as 2012, the WEF started an initiative to get business leaders thinking about and engaged with cyber resilience. In its “Partnering for Cyber Resilience” paper, the WEF defined cyber resilience as “the ability of systems and organizations to withstand cyber events, measured by the combination of mean time to failure and mean time to recovery.”

The paper also contained a five-stage maturity model for cyber resilience. Organizations are categorized as one of the following with regard to how they approach cyber risks:

  1. Unaware
  2. Fragmented
  3. Top down
  4. Pervasive
  5. Networked

The WEF asked executives to adopt four key principles in their efforts to address cyber risks. These were further detailed in a follow-up paper titled “Risk and Responsibility in a Hyperconnected World: Pathways to Global Cyber Resilience.” The four principles are:

  1. Recognition of interdependence: All parties have a role in fostering a resilient shared digital space.
  2. Role of leadership: Encourage executive-level awareness and leadership of cyber risk management.
  3. Integrated risk management: Develop a practical and effective implementation program.
  4. Promote uptake: Where appropriate, encourage suppliers and customers to develop a similar level of awareness and commitment.

In all, “The Global Risks Report 2016” provided business leaders with an unmistakable warning about the need to manage and govern cyber risks and start addressing organizations’ cyber resilience. At stake are the organization’s assets and reputation.

More from Risk Management

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today