Cargo ship at sea during a storm showing business risk of cyber attacks

In the Age of Coronavirus, Infectious Disease Isn’t the Top Business Risk in the US; Cyber Attacks Are

Though the Covid-19 crisis is still not in check in the United States after seven months of public restrictions and it is still unclear when a vaccine will be developed, infectious disease clocks in as only the second-greatest business risk category in 2020. Cyber attacks remain the country’s greatest challenge, something that bucks a general global trend among the world’s major economies.

The information comes from the World Economic Forum (WEF) annual “Regional Risks for Doing Business” report, which surveys 12,000 business leaders across 127 countries. Each participant is asked to rank the top risks that they are anticipating over the coming decade. Globally, unemployment and the spread of infectious disease were seen as the top business risks; Europe, Eurasia and East Asia and the Pacific all named infectious disease as the biggest of the imminent challenges.

Unique business risks for the United States

While the world sees cyber attacks as the fourth-greatest business risk at present and in the coming years, 55% of US business leaders saw it as their biggest problem in the near future. This is not to say that the rest of the world is at substantially less risk than the US; Europe reported cyber attacks as the second-greatest concern and the UK joined the US in naming it as the biggest immediate challenge.

The WEF report merely lists response totals and does not delve into analysis, but it is reasonable to speculate that the US is in this unique position due to a combination of volume of attacks and a general lack of preparedness given the country’s economic position. Each year the US is usually at or near the top of the list of countries targeted by both cyber criminals and nation-state espionage groups, but is not necessarily adequately prepared for both the volume and quality of attacks it receives. In March, Forbes reported that the US was only 17th on the list of countries in terms of cyber readiness and had actually dropped 12 places since 2019. This was attributed to a failure to keep pace with emerging types of cyber attacks and to put adequate national-level data security and privacy legislation in place. This is a particular problem given that the country’s chief rivals, China and Russia, are the world leaders in terms of cyber espionage attacks.

Globally, fiscal crisis dropped from being the world’s primary concern (now third behind infectious disease and unemployment) while ecosystem collapse, biodiversity loss and natural catastrophes bounded well up the chart in the space of just one year. Climate change in general has been a significant driver of concerns as extreme weather events also became a significantly greater point of concern. Collectively, issues tied to climate change and environmental risks displaced concerns about human-made catastrophes, terrorist attacks and failures of urban planning, all of which tumbled from six to nine spots down the rankings of the global risk report.

Infectious disease also naturally saw massive gains on the business risk chart given the current pandemic conditions, jumping up 28 spots from 2019. Every region of the world except for South Asia placed it in their top 10 concerns and listed it as at least the third-greatest of its anticipated issues.

Saadia Zahidi, Managing Director at the WEF, also cited rising automation and transitions to greener economies as both a source of potential business risk and an opportunity to improve labor markets and social safety nets.

US cyber attacks increase during pandemic

It’s also worth noting that the top two business risks for the US are intertwined. Much of the spike in cyber attacks directed at the country can be traced to the increase in remote work arrangements that were in turn driven by pandemic conditions and lockdown measures.

Organizations had to adjust quickly to the social distancing measures and travel restrictions that came on very suddenly and rapidly in March, after an initial period of a general downplaying of the virus in the media in North America. This created all sorts of problems as a great deal of previously office-only work shifted to the home: unsecure employee devices, rapid adoption of untested third party remote work applications and services, employees implementing unauthorized “shadow IT” solutions to get things done, and issues in drawing the line between productivity monitoring methods and protected personal information that should not be crossing work servers among them.

It is reasonable to expect cyber attacks to continue to be a primary issue for the US if one anticipates these remote work changes becoming a longer-term phenomenon. There has been much speculation about this, but a number of surveys have found overwhelming support at the business end to retain at least a partial work-from-home structure even after the Covid-19 pandemic is under control. If that’s the case, it means that the current novel cyber security issues will need to be permanently addressed. It also likely means that a new suite of compliance issues will pop up, particularly in the US as the federal government slowly moves toward some sort of national data security and privacy standards.

While concerns about infectious disease as a business risk will likely subside to a great deal once a vaccine and improved treatment measures for Covid-19 are developed, the US focus on cyber attacks and data breaches is likely to continue throughout the coming decade.