Companies may be overlooking cyber risks as the pandemic and climate change dominate the risk agenda, according to the World Economic Forum (WEF).
Cybersecurity failure, digital inequality and adverse technology advances were the most prominent technology related risks in the WEF’s Global Risk Report 2022. However, they were ranked relatively low in the critical threats rankings and none appeared among the most potentially severe, signalling a possible “blindspot” in risk perceptions, WEF says.
Cybersecurity failure – the highest-ranked technology risk in the latest WEF survey of global risks – was ranked only seventh overall among the most critical risk for the short-term (next two years). Longer term, cybersecurity risk falls even lower – dropping to eighth in the mid-term (five years) and not even featuring in the top ten for long-term risks (ten years).
Cyber was, however, rated as the top risk in the UK, and was a top five risk for Australia, France, Ireland, Israel, the Netherlands, Singapore and Japan. It also featured in the top ten risks made worse during the pandemic – ranked seventh.
“Cyber is not top of mind in leaders’ responses to this year’s survey. Risks associated with the consequences of our growing dependence on technology were not in the top five for both short-term and long-term horizons. This indicates there may be a blindspot and this is very concerning, given that cyber is a growing threat,” said Marsh managing director Carolina Klint.
Commenting on the launch of the Global Risks Report 2022, which is supported by Marsh, Klint said the pandemic had been a “distraction” from cyber risks. “The pandemic has pulled attention in different directions, and not necessarily in the right directions. Cyber is a risk that some companies may have overlooked as they were forced to tend to more pressing issues. The switch to remote working happened overnight and now are we taking the time to evaluate the things put in place in the heat of the moment,” said Klint.
The pandemic prompted many companies to adopt remote working and accelerate digitalisation of their business models and supply chains, yet many businesses struggle to manage cyber-related risks, according to Klint.
“Cyberattacks are not new but their intensification over the past two years means the threat is growing faster than our ability to prevent or manage them effectively. Companies surviving the pandemic have been under more pressure than ever to digitalise and automate but too often this is built on the backbone of ageing technology, which has led to supply chain disruptions and greater exposure to cyberattacks, and especially ransomware,” said Klint.
Cyberattacks have also become more costly, according to Klint. “In 2021, we saw the highest average cost of a data breach in almost two decades. In addition, cyber insurance pricing is going up. For example, prices in the US rose by 96% in the third quarter of 2021,” she said.
“There are plenty of cyber risks that keep the c-suite up at night but there are four [in particular] that need to be tackled: critical infrastructure failures; an increasingly aggressive regulatory environment; unprecedented identity theft; and the failure to implement digital transformation effectively. Companies will soon not be able to claim good environmental social and governance (ESG) credentials without addressing these key areas,” Klint said.
The growing dependency on digital systems, intensified by Covid-19, has altered societies, according to the WEF. Industries have undergone rapid digitalisation, workers have shifted to remote working where possible, and platforms and devices facilitating this change have proliferated, it states.
“Lower barriers to entry for cyberthreat actors, more aggressive attack methods, a dearth of cybersecurity professionals and patchwork governance mechanisms are all aggravating the risk. Attacks on large and strategic systems will carry cascading physical consequences across societies, while prevention will inevitably entail higher costs. Intangible risks – such as disinformation, fraud and lack of digital safety – will also impact public trust in digital systems,” the report notes.
The WEF also warns that cyber risk could drive political risk, at a time when international collaboration is needed most. “Greater cyber threats will also hamper cooperation between states if governments continue to follow unilateral paths to control risks. As attacks become more severe and broadly impactful, already-sharp tensions between governments impacted by cybercrime and governments complicit in their commission will rise, as cybersecurity becomes another wedge for divergence – rather than cooperation – among nation states.”
Governments and business must work together more closely to build resilience at local and national levels, according to Klint. “By building real partnerships between the public and private sectors based on new approaches to risk mitigation and data sharing, we can make choices now that will enhance our risk preparedness and resilience. By taking these steps, when the next crisis emerges we will be ready to respond with greater agility and cohesiveness,” she said.
“Resilience is a journey, not a destination. It is important that a company’s resilience journey focuses not only on a its own assets and processes but also the vulnerabilities of those in their supply chain – utilities, service providers, suppliers and also customers,” said Klint.
“The pandemic has highlighted the importance of connecting risk to strategy. And this includes strengthening communication with stakeholders and empowering leaders and employees to make real-time decisions. In addition, diverse and inclusive organisations outperform their peers. Diversity helps companies better understand the markets they serve and enables them to take a more holistic view of the emerging risk landscape,” said Klint.