On Jan. 11, the World Economic Forum (WEF) published “The Global Risks Report 2017.” As we did for the 2016 edition, we dug in this year’s report to analyze key findings as they relate to cybersecurity.

Digging Into WEF’s ‘Global Risks Report’

The report tracked top risks from the past 10 years. While cyberattacks ranked fourth in 2012 and fifth in 2014 in terms of likelihood, massive incidents of data fraud and theft occupied fifth place in the 2017 report.

In terms of impact, the 2014 edition listed critical information infrastructure breakdown as the fifth most impactful problem. In fact, that single entry was the only one across 50 cells of high-impact risks tracked for the past decade.

At first glance, the report indicated that cyber risks matter only marginally in terms of likelihood and very little in terms of impact. This, however, is misleading.

Technological Risks and Trends for 2017

Looking at the list of technological risks tracked for 2017, the report specifically mentioned:

  • Adverse consequences of technological advances;
  • Breakdown of critical information infrastructure and networks;
  • Large-scale cyberattacks; and
  • Massive incidents of data fraud and theft.

Among the many interesting diagrams in the report, the global risk landscape visual organizes risks across likelihood and negative impact. The chart showed that cyberattacks — along with terrorist attacks, data fraud/theft and natural disasters — are highly likely to occur. It also showed that cyberattacks rank high in terms of negative impact, just below infectious diseases, food and water crises, fiscal crises and the risks mentioned previously.

In many ways, the failure to register cyber as a top five risk is illustrative of the many unknowns the digital realm presents to global leaders, who often struggle to understand just how vulnerable we all are and how pervasive technology has become. With this pervasiveness comes dependency, a rising trend mentioned in the report. WEF also singled out emerging technologies, such as artificial intelligence, for their potential cybersecurity benefits.

Balancing Security and Government Reach

The report emphasized that cyberattacks and breaches have led many countries to enact tough national security and counterterrorism measures. That changes the rights of citizens and alters how governments work in the 21st century.

An accompanying article, titled “Weaponized AI, Digital Espionage and Other Technology Risks for 2017,” cautioned global firms about the potential loss of digital supply chain access due to the continued — and very much deserved — push for better security and privacy to protect citizens’ data. The article also highlighted concerns that aren’t new for security professionals, but are finally getting much needed global attention: Technology has created new opportunities for industrial espionage or sabotage from afar, as well as for the hacker-for-hire living next door.

Putting It All Into Perspective

The report should help cybersecurity professionals appreciate the challenges and risks facing the C-suite, board directors and world leaders. Cyber is but one wave in a raging storm of global uncertainty, and top executives have a lot on their plates. It is therefore critical to communicate cyber risks in terms of impact on business objectives.

If it feels like the 2017 WEF report is light on cyber, it is. But for many years, the organization has been urging government and business leaders to become more aware of security risks and the global need for cyber resilience in this age of hyperconnectivity.

More from Risk Management

Did Brazil DSL Modem Attacks Change Device Security?

From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers. According to a report from Kaspersky Lab Expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack ultimately…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Worms of Wisdom: How WannaCry Shapes Cybersecurity Today

WannaCry wasn't a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry "ransomworm" hit networks in 2017, it expanded to wreak havoc on high-profile systems worldwide. While the discovery of a "kill switch" in the code blunted the spread of the attack and newly…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…