The 2021 World Economic Forum (WEF) Global Risk Report, used for over a decade by organizations around the world as a risk assessment tool, has named “cybersecurity challenges” as the fourth most pressing danger to the global economy.
The ranking is determined by responses to a survey conducted among various stakeholders and organizations affiliated with the WEF, with respondents from a broad mix of countries and industries. The survey asks respondents to rank the likelihood (and severity) of various threat categories having negative impact on governments and industries within the next 10 years. “Infectious diseases” was the unsurprising first choice given the current pandemic conditions, but cybersecurity challenges trailed only “livelihood crises” and “extreme weather events” among the most frequently anticipated global risks of the near future.
Global risk report foresees a much more challenging cybersecurity environment
One of the major themes running through the 2021 Global Risk Report is division and isolation. The study sees divides growing along both national and individual lines, with industries becoming more isolated and polarized as a “disaffected” younger generation that lacks in opportunity pathways comes of age.
The report sees a “digital division” shaping up as well. The growth of decision-making algorithms being put to use across many different industries is one factor in this; there is the risk of basing these algorithms on biased data sets, as was famously done with a number of high-profile facial recognition systems. But the report also sees the increasing use of algorithms by bad actors as a means of quickly spreading malicious information and running scams (among other related cybersecurity challenges). And algorithms that are allowed to make critical decisions could fail; for example in the diagnosis of medical patients.
Automation and the changing workplace is also a factor in this growing division. While shifting to mass remote work is expected to be a long-term net benefit for many organizations, it is also both a source of new cybersecurity challenges and contributing to displacing more workers that do not have the requisite skills. The latter point is compounded by the rise of automation, which has the potential to remove 85 million jobs worldwide within the next five years. There is also a projection that as many as 97 million new jobs could be created by automation during the same period, but overwhelmingly these jobs will require specific skills and will not be available to untrained workers. The report sees government-funded upskilling of these workers as unlikely given the economic realities that most nations face coming out of the protracted Covid-19 pandemic. The good news in this area is that two-thirds of employers expect to see a return on investment in reskilling/upskilling their workers within one year.
The report also notes the increased appetite for regulation across the world. About 80% of the nations of the world now have some form of data protection regulations, and regulations in the world’s largest economies are almost universally tightening. Specific points that the report notes are the draft of the Digital Markets Act in the European Union, the antitrust probes and lawsuits directed at big tech’s biggest names in the United States, and increased pressure in both regions on social media platforms to police potentially malicious content and misinformation.
Subversive influences are on the rise and are among the top risks, with a noted uptick in governments seizing on and wielding conspiracy theories when it helps them politically against rival states. This is in addition to a general increase in cyber attacks during the pandemic, including those suspected to originate from state-backed threat actors. The report sees nations it refers to as “middle powers,” or those that are internationally influential but sit just short of superpower status, as the leading targets of aggressive state-backed attacks due to cyber defense capacities that are more limited than those of the leading powers. Middle powers are also expected to fall behind while playing defense against cybersecurity challenges as superpowers engage in a zero-sum game of collecting economic and technological power, increasing the chances of state collapse and interstate conflict in the long term.
The report also points out that “digital-physical hybridization” has accelerated tremendously due to the COVID-19 restrictions, seeing industries speed up plans for bringing various functions online. For example, e-commerce and remote work elements that were expected to gradually transition to a fully online model over the space of years were in some cases accomplished in mere weeks when the pandemic made it necessary. The risks outlook notes that this has been of disproportionate benefit to tech giants, and questions whether both populations and government will be accepting of their growing market dominance. This feeds into the expectations of increased regulation, but also suggests that public scrutiny and criticism will increase along with perceived inequality.
Hitesh Sheth, President and CEO at Vectra, feels that cybersecurity challenges are being underplayed as a global risk in spite of the substantial amount of time the report spends on covering them: “The only surprise in the World Economic Forum Global Risks Report is that cybersecurity failure isn’t ranked higher. Without secure, high-functioning IT, addressing all the other crises the report names, from climate to digital inequality, becomes much harder. For years our well-understood cyber vulnerabilities have been met with too much rhetoric, too little real action. I know the political challenge of marshaling consensus to avert an emergency that hasn’t yet blown up in everyone’s face. But the SolarWinds critical infrastructure attack was a probable harbinger of more to come. It’s imperative that we dial up urgency on cybersecurity in the public and private sectors alike.”
Cybersecurity challenges in the coming decade
How are organizations responding to the immediate cybersecurity challenges created by the pandemic? Unsurprisingly, the report reveals that information security and business continuity/resilience are the objectives that have increased the most in priority in the past year. Customer/user experience, business agility, employee productivity and modernization have also significantly increased as priority items. Only 17.3% of respondents said that they had not shuffled their priorities at all in response to COVID-19.
One item that the global risk report feels organizations may overlook in the near term is the increased business dependence on third parties as automation, smart systems and 5G networks continue to become more widespread. Vendor compromise, already a serious issue, only stands to become more of a problem in this emerging ecosystem of interconnected devices. Chris Clements, VP of Solutions Architecture for Cerberus Sentinel, points out that criminals are already well-positioned and taking full advantage of this development: “As our world becomes increasingly intertwined with network connected devices and services the threat of significant disruption due to cyber-attack grows ever more substantial. Cybercrime remains a lucrative business. Criminal gangs extort millions of dollars from their victims and in addition to funding lavish lifestyles for the members provide ample budget for developing powerful hacking tools and purchasing zero-day exploits. Against such sophisticated threats the vast majority of defenders don’t stand a chance. It’s often shocking to the security professionals tasked with protecting and organization and its data just how easy it is to bypass or defeat security controls like anti-virus or how fast attackers can crack passwords … Beyond business disruption these attacks will increasingly affect the health and safety of people- we’ve already witnessed the death of a woman in Germany in 2020 directly attributed to a ransomware attack on a healthcare provider.”
The global risk report also highlights the increasing influence of national security concerns on business cybersecurity strategies, conflicting priorities caused by complex sets of regulations, widespread lack of cybersecurity expertise and difficulty enforcing the law against remote cyber criminals as the top challenges business leaders will be facing in 2021.