The World Economic Forum (WEF) has listed cyber-security as one of the greatest threats to business around the world. In the Global Risks Report, the annual study of what the WEF fears and what the forum feels the world should fear, cyber-security has made its third appearance.
The category finds itself ranked fairly high, above food crises, interstate conflict, terrorist attacks and spread of infection diseases but below climate change, fiscal crises and mass migration.
In 140 economies, the report notes, cyber-attacks rank in the top ten threats. The United States is considered to have the most to be concerned about given the effects cyber-threats can have on the economy.
Economies increasingly reliant on connected technologies, like Asia and Europe, are predictably worried as well. It's a concern that will only grow with those connections, the report notes: “As the Internet of Things leads to more connections between people and machines, cyber dependency – considered by survey respondents as the third most important global trend – will increase, raising the odds of a cyber-attack with potential cascading effects across the cyber ecosystem.”
As cyber-dependence rises, the report adds, “the resulting interconnectivity and interdependence can diminish the ability of organisations to fully protect their entire enterprise.”
There are two particular areas of concern, the report says, that organisations often overlook: mobile internet and machine-to-machine connections. The report says it is vital “to integrate physical and cyber management, strengthen resilience leadership and organisational and business processes, and leverage supporting technologies”.
While the report clearly states cyber-security as one of the main threats to economic stability going into 2016, worry has diminished since the category was first introduced into the annual report in 2012. Back then, cyber-security came 4th in the top five global threats in terms of likelihood, it disappeared from the ranking in 2013 and then came back at fifth place in 2014. It has not ranked in the top five most likely global threats since then.
This high estimation of cyber-threats, notes the report, may be down to the fact that large data breaches are finally creeping across newspaper headlines and into the public imagination as a more present danger, than it might have otherwise been. In fact, considering the global risk report is gathered from interviews, we might also say that this particular report is just as much a catalogue of global fears as it is actual global risks.
Norman Shaw, CEO and founder of ExactTrak, told SCMagazine UK.com, “This is a really positive thing actually, because there's still some enterprises, and some employees within those enterprises who don't take data protection and cyber-security seriously, despite the mass media reporting it on almost daily.”
For example, said Shaw, “Employees can also use the same passwords for work as they do for everything else, including their personal devices and accounts which are often not subject to much security, making it easy for hackers to find a way into the corporate data.”
He added: “More awareness of how serious the problem of cyber-security is can only be a good thing.”
Tim Grieveson, Hewlett Packard Enterprise's chief cyber strategist, enterprise security products, said: “Businesses need to understand that it's not a matter of whether they will be breached, but a matter of when. As such, security professionals need to start thinking like an adversary to identify what data is most likely to be targeted and what tools are most likely to be used. Make the assumption you're going to be breached or have been but don't know about it yet, and look at how you can disrupt and manage the breach when it inevitably occurs.”