January 20, 2016 By Christophe Veltsos 3 min read

“The failure to understand and address risks related to technology, primarily the systemic cascading effects of cyber risks or the breakdown of critical information infrastructure, could have far-reaching consequences for national economies, economic sectors and global enterprises.” – World Economic Forum’s “The Global Risks Report 2016”

The World Economic Forum (WEF) published “The Global Risks Report 2016” on Jan. 14, 2016, a week before the annual iteration of its famed Davos conference, which begins today. Here are some of the key findings from the report as related to cyber risks and cyber resilience.

Cyber Risks Remain a Major Concern

The report provides ongoing evidence that cyber risks are top of mind for business leaders globally. This is not only evident in the number of countries that have selected cyber-related risks as one of their top concerns, but is also evident in the report’s phrasing of the cyber risk reality: “The internet has opened a new frontier in warfare: Everything is networked and anything networked can be hacked.”

One of the major findings of the report is that, for the U.S. market, the risk of cyberattacks was listed as the top risk. In accompanying press releases, the WEF indicated that the top risk for business leaders was cyberattacks in at least seven other countries, including Japan, Germany, Switzerland and Singapore.

Cyberattacks were also listed in the top five risks in 27 world economies. However, from a global risk perspective, cyberattacks are not featured on the top five global risks, whereas they were in fourth place in 2012 and in fifth place in 2014.

The report pointed to increasing dependency on cyber as an area of potential future risks: “Cases have been rising in both frequency and scale. They have so far been isolated, concerning mostly a single entity or country, but as the Internet of Things (IoT) leads to more connections between people and machines, cyber dependency — considered by survey respondents as the third most important global trend — will increase, raising the odds of a cyberattack with potential cascading effects across the cyber ecosystem. As a result, an entity’s risk is increasingly tied to that of other entities.”

IT’s Stature Is Increasing

The report warned that while organizations see the value that IT can bring, they “may not be fully internalizing cybersecurity risks and making the appropriate level of investment to enhance operational risk management and strengthen organizational resilience.” It further warned, “Every future conflict will have a cyber element, and some may be fought entirely in cyberspace.”

That prospect is daunting to those tasked with cybersecurity. “Given that attack is easier than defense in cyberspace, this will dramatically change how the entire security apparatus prepares for potential breaches. Physical distance no longer offers protection; many technologies are dual-use; much critical infrastructure is privately owned; and attacks are easy to disguise given the challenges of attribution.”

Finally, the report criticized the current state of ownership and collaboration around cyber risks within organizations. “Although CEOs worry about rising cyber risks, the ownership of and responsibility for the cyber risk is less clear,” the report stated. “Who in the corporation is the actual owner of the risk? While there are many C-level owners (CISO, CFO, CEO, CRO, Risk Management), each of these owners has differing but related interests and unfortunately often does not integrate risk or effectively collaborate on its management. Defining clear roles and responsibilities for cyber risk is crucial.”

The World Economic Forum Asks Companies to Get on Board

As far back as 2012, the WEF started an initiative to get business leaders thinking about and engaged with cyber resilience. In its “Partnering for Cyber Resilience” paper, the WEF defined cyber resilience as “the ability of systems and organizations to withstand cyber events, measured by the combination of mean time to failure and mean time to recovery.”

The paper also contained a five-stage maturity model for cyber resilience. Organizations are categorized as one of the following with regard to how they approach cyber risks:

  1. Unaware
  2. Fragmented
  3. Top down
  4. Pervasive
  5. Networked

The WEF asked executives to adopt four key principles in their efforts to address cyber risks. These were further detailed in a follow-up paper titled “Risk and Responsibility in a Hyperconnected World: Pathways to Global Cyber Resilience.” The four principles are:

  1. Recognition of interdependence: All parties have a role in fostering a resilient shared digital space.
  2. Role of leadership: Encourage executive-level awareness and leadership of cyber risk management.
  3. Integrated risk management: Develop a practical and effective implementation program.
  4. Promote uptake: Where appropriate, encourage suppliers and customers to develop a similar level of awareness and commitment.

In all, “The Global Risks Report 2016” provided business leaders with an unmistakable warning about the need to manage and govern cyber risks and start addressing organizations’ cyber resilience. At stake are the organization’s assets and reputation.

More from Risk Management

Back to basics: Better security in the AI era

4 min read - The rise of artificial intelligence (AI), large language models (LLM) and IoT solutions has created a new security landscape. From generative AI tools that can be taught to create malicious code to the exploitation of connected devices as a way for attackers to move laterally across networks, enterprise IT teams find themselves constantly running to catch up. According to the Google Cloud Cybersecurity Forecast 2024 report, companies should anticipate a surge in attacks powered by generative AI tools and LLMs…

Mapping attacks on generative AI to business impact

5 min read - In recent months, we’ve seen government and business leaders put an increased focus on securing AI models. If generative AI is the next big platform to transform the services and functions on which society as a whole depends, ensuring that technology is trusted and secure must be businesses’ top priority. While generative AI adoption is in its nascent stages, we must establish effective strategies to secure it from the onset. The IBM Institute for Business Value found that despite 64%…

Ermac malware: The other side of the code

6 min read - When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the MalwareHunterTeam discovered a new variant of Cerberus — known as Ermac (also known as Hook) — in late September of 2022.To better understand the new version of Cerberus, we can attempt to shed light on the behind-the-scenes operations of the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today