The summer warmth lingers and omicron remains absent from our cities and towns.
So why did I ruin the serene vibe by logging back onto LinkedIn this week, where I stumbled upon the livestreamed press conference launching the World Economic Forum’s (WEF) Global Risks Report?
The Switzerland-based business lobby group’s annual update of the factors that risk causing carnage and mayhem for us in the next decade sets the tone for another year living with the virus.
Only 16% of the report survey’s respondents, which included 12,000 business leaders from around the world, “feel positive and optimistic about the outlook of the world”, according to the WEF.
In the short term, we face rising commodity prices, inflation and debt crises. The lingering pandemic will erode social cohesion even further. Climate change is the biggest worry overall, with extreme weather events expected to cause turmoil around the globe.
Even the digital world, a beacon of growth and progress during the pandemic as business digitised at an unprecedented rate, is a cause for hand-wringing, according to the world’s business elite.
Cybersecurity failures represent the biggest technological risk identified in the report, sandwiched between “debt crises” and “infectious diseases” in terms of its perceived importance. In fact, when you zoom in on the NZ data, “failure of cybersecurity measures” is identified as the number one risk to the economy, ahead of the asset bubble bursting, infectious diseases or extreme weather.
Of the 124 economies surveyed by the WEF, only Australia, Ireland and the United Kingdom also rate cybersecurity failures as their number one risk. That acknowledges the anxiety executives here and in those similarly developed nations feel about our lack of cybersecurity preparedness.
We may be moving to cloud platforms at pace and embracing the digital economy. But our cybersecurity infrastructure and measures have, as the WEF puts it, been “outstripped or rendered obsolete by increasingly sophisticated and frequent cybercrimes, resulting in economic disruption, financial loss, geopolitical tensions and/or social instability”.
The Waikato District Health Board (DHB) ransomware attack could be just the tip of the iceberg if we aren’t careful.
The WEF survey was taken in October before the Log4j software library exploit was discovered and sent IT teams back to the office over the Christmas break to try and patch their systems against it. Cybersecurity attacks will likely come even faster and have the potential to inflict more damage this year.
“There are plenty of cyber risks that keep the C-suite up at night,” Carolina Klint of strategy consultancy Marsh McLennan, told the WEF press conference.
She pointed to four in particular that need to be tackled:
- critical infrastructure failures.
- unprecedented identity theft.
- aggressive regulatory environments.
- failing to execute digital transformation effectively.
“Companies soon won't be able to claim good ESG (environment, social, governance) credentials without addressing these key areas,” said Klint.
A lack of cybersecurity preparedness is already hitting insurance premiums, she added.
“For example, [cybersecurity insurance] prices in the United States rose by 96% in the third quarter of 2021,” she said.
Premiums were actually up 202% for the year. A relatively new addition in NZ, cybersecurity insurance is just one factor that now sees a typical small to medium-sized business needing to spend up to 4% of its operating budget on security. It’s less for large organisations – 1-to-2%.
This is the cost of increasingly doing business in the digital world and should be able to be offset by efficiencies and cost-savings that can be achieved after digitally transforming a business.
Multilateral approach needed
The pandemic increased our reliance on digital platforms and applications, but merely accelerated a trend that was already well-entrenched. The only answer is to take the cybersecurity threat seriously, at both a business and an economy-wide level. Businesses have no excuse. The financial and reputational impacts of being hacked and having customer data stolen are plain to see.
Governments, including our own, are failing to take a sufficiently multilateral approach to choke off the burgeoning global cybercrime economy.
As the WEF points out, “patchwork enforcement mechanisms across jurisdictions continue to hamper efforts to control cybercrime".
“Geopolitical rifts hinder potential cross-border collaboration, with some governments unwilling or unable to regulate cyber intrusions that originate inside and impact
outside their borders.”
The very real threat of failing to act on climate change preoccupies those in the WEF’s orbit. But equally dangerous in its own right is failing to acknowledge the rising tide of cybercrime.
We’ve gone digital. There’s no going back. Just as with climate change, the answer to a more stable and secure digital world lies in human behaviour, technology and leadership. We need to work on all three as priorities when it comes to cybersecurity.