“The failure to understand and address risks related to technology, primarily the systemic cascading effects of cyber risks or the breakdown of critical information infrastructure, could have far-reaching consequences for national economies, economic sectors and global enterprises.” – World Economic Forum’s “The Global Risks Report 2016”

The World Economic Forum (WEF) published “The Global Risks Report 2016” on Jan. 14, 2016, a week before the annual iteration of its famed Davos conference, which begins today. Here are some of the key findings from the report as related to cyber risks and cyber resilience.

Cyber Risks Remain a Major Concern

The report provides ongoing evidence that cyber risks are top of mind for business leaders globally. This is not only evident in the number of countries that have selected cyber-related risks as one of their top concerns, but is also evident in the report’s phrasing of the cyber risk reality: “The internet has opened a new frontier in warfare: Everything is networked and anything networked can be hacked.”

One of the major findings of the report is that, for the U.S. market, the risk of cyberattacks was listed as the top risk. In accompanying press releases, the WEF indicated that the top risk for business leaders was cyberattacks in at least seven other countries, including Japan, Germany, Switzerland and Singapore.

Cyberattacks were also listed in the top five risks in 27 world economies. However, from a global risk perspective, cyberattacks are not featured on the top five global risks, whereas they were in fourth place in 2012 and in fifth place in 2014.

The report pointed to increasing dependency on cyber as an area of potential future risks: “Cases have been rising in both frequency and scale. They have so far been isolated, concerning mostly a single entity or country, but as the Internet of Things (IoT) leads to more connections between people and machines, cyber dependency — considered by survey respondents as the third most important global trend — will increase, raising the odds of a cyberattack with potential cascading effects across the cyber ecosystem. As a result, an entity’s risk is increasingly tied to that of other entities.”

IT’s Stature Is Increasing

The report warned that while organizations see the value that IT can bring, they “may not be fully internalizing cybersecurity risks and making the appropriate level of investment to enhance operational risk management and strengthen organizational resilience.” It further warned, “Every future conflict will have a cyber element, and some may be fought entirely in cyberspace.”

That prospect is daunting to those tasked with cybersecurity. “Given that attack is easier than defense in cyberspace, this will dramatically change how the entire security apparatus prepares for potential breaches. Physical distance no longer offers protection; many technologies are dual-use; much critical infrastructure is privately owned; and attacks are easy to disguise given the challenges of attribution.”

Finally, the report criticized the current state of ownership and collaboration around cyber risks within organizations. “Although CEOs worry about rising cyber risks, the ownership of and responsibility for the cyber risk is less clear,” the report stated. “Who in the corporation is the actual owner of the risk? While there are many C-level owners (CISO, CFO, CEO, CRO, Risk Management), each of these owners has differing but related interests and unfortunately often does not integrate risk or effectively collaborate on its management. Defining clear roles and responsibilities for cyber risk is crucial.”

The World Economic Forum Asks Companies to Get on Board

As far back as 2012, the WEF started an initiative to get business leaders thinking about and engaged with cyber resilience. In its “Partnering for Cyber Resilience” paper, the WEF defined cyber resilience as “the ability of systems and organizations to withstand cyber events, measured by the combination of mean time to failure and mean time to recovery.”

The paper also contained a five-stage maturity model for cyber resilience. Organizations are categorized as one of the following with regard to how they approach cyber risks:

  1. Unaware
  2. Fragmented
  3. Top down
  4. Pervasive
  5. Networked

The WEF asked executives to adopt four key principles in their efforts to address cyber risks. These were further detailed in a follow-up paper titled “Risk and Responsibility in a Hyperconnected World: Pathways to Global Cyber Resilience.” The four principles are:

  1. Recognition of interdependence: All parties have a role in fostering a resilient shared digital space.
  2. Role of leadership: Encourage executive-level awareness and leadership of cyber risk management.
  3. Integrated risk management: Develop a practical and effective implementation program.
  4. Promote uptake: Where appropriate, encourage suppliers and customers to develop a similar level of awareness and commitment.

In all, “The Global Risks Report 2016” provided business leaders with an unmistakable warning about the need to manage and govern cyber risks and start addressing organizations’ cyber resilience. At stake are the organization’s assets and reputation.

More from Risk Management

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read

How I Got Started: White Hat Hacker

3 min read - White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping organizations bolster their digital defenses. But what drives someone to pursue a career as a white hat hacker, and how do you get started in leveraging so-called “evil” skills for the greater good?? In this exclusive Q&A, we spoke with…

3 min read

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read