On Jan. 11, the World Economic Forum (WEF) published “The Global Risks Report 2017.” As we did for the 2016 edition, we dug in this year’s report to analyze key findings as they relate to cybersecurity.

Digging Into WEF’s ‘Global Risks Report’

The report tracked top risks from the past 10 years. While cyberattacks ranked fourth in 2012 and fifth in 2014 in terms of likelihood, massive incidents of data fraud and theft occupied fifth place in the 2017 report.

In terms of impact, the 2014 edition listed critical information infrastructure breakdown as the fifth most impactful problem. In fact, that single entry was the only one across 50 cells of high-impact risks tracked for the past decade.

At first glance, the report indicated that cyber risks matter only marginally in terms of likelihood and very little in terms of impact. This, however, is misleading.

Technological Risks and Trends for 2017

Looking at the list of technological risks tracked for 2017, the report specifically mentioned:

  • Adverse consequences of technological advances;
  • Breakdown of critical information infrastructure and networks;
  • Large-scale cyberattacks; and
  • Massive incidents of data fraud and theft.

Among the many interesting diagrams in the report, the global risk landscape visual organizes risks across likelihood and negative impact. The chart showed that cyberattacks — along with terrorist attacks, data fraud/theft and natural disasters — are highly likely to occur. It also showed that cyberattacks rank high in terms of negative impact, just below infectious diseases, food and water crises, fiscal crises and the risks mentioned previously.

In many ways, the failure to register cyber as a top five risk is illustrative of the many unknowns the digital realm presents to global leaders, who often struggle to understand just how vulnerable we all are and how pervasive technology has become. With this pervasiveness comes dependency, a rising trend mentioned in the report. WEF also singled out emerging technologies, such as artificial intelligence, for their potential cybersecurity benefits.

Balancing Security and Government Reach

The report emphasized that cyberattacks and breaches have led many countries to enact tough national security and counterterrorism measures. That changes the rights of citizens and alters how governments work in the 21st century.

An accompanying article, titled “Weaponized AI, Digital Espionage and Other Technology Risks for 2017,” cautioned global firms about the potential loss of digital supply chain access due to the continued — and very much deserved — push for better security and privacy to protect citizens’ data. The article also highlighted concerns that aren’t new for security professionals, but are finally getting much needed global attention: Technology has created new opportunities for industrial espionage or sabotage from afar, as well as for the hacker-for-hire living next door.

Putting It All Into Perspective

The report should help cybersecurity professionals appreciate the challenges and risks facing the C-suite, board directors and world leaders. Cyber is but one wave in a raging storm of global uncertainty, and top executives have a lot on their plates. It is therefore critical to communicate cyber risks in terms of impact on business objectives.

If it feels like the 2017 WEF report is light on cyber, it is. But for many years, the organization has been urging government and business leaders to become more aware of security risks and the global need for cyber resilience in this age of hyperconnectivity.

More from Risk Management

The Role of Human Resources in Cybersecurity

The human resources (HR) department is an integral part of an organization. They work with all departments with a wider reach than even IT. As a highly visible department, HR can support and improve an organization’s security posture through employee training. Their access to employees at the start of employment is an opportunity to lay a foundation for a culture of risk awareness. HR departments do not typically include cybersecurity risk awareness training with new hire onboarding, but it’s something…

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…