World Economic Forum Names Cybercrime and Cyber Insecurity Among Top 10 Global Risks for 2023

Business and cyber leaders polled by WEF worry that geopolitical unrest will trigger a “catastrophic cyberattack” in the next two years. Here’s what you need to know.

A two-year global pandemic. The war in Ukraine. The inflation and cost of living crisis. Increasingly frequent natural disasters and extreme weather events. One thing that these severe geopolitical and economic crises have in common is that they constantly change the cyberthreat landscape, making it more difficult for businesses to keep pace and defend themselves, as emboldened cyberattackers get craftier and more sophisticated.

How will global unrest heighten cyber risk in the medium and long term? That’s an issue that the World Economic Forum explored in two recent reports: World Economic Forum’s Global Risks Report 2023 and Global Cybersecurity Outlook 2023. The reports examine the cybersecurity trends that will impact our economies and societies in the years to come, and serve as a call to action, urging businesses and organizations to build cyber resilience. A key finding: A majority of cyber and business leaders worry that geopolitical instability will cause a major cyberattack at some point in the next two years. Here’s what you need to know.

Cybersecurity ranks 8th in the WEF’s top 10 global risks

The WEF’s Global Risks Report 2023 ranked cybercrime and cyber insecurity as the eighth most severe global risk within a two-year and a 10-year period, making it clear that cyber risks will remain a constant and significant concern over the next decade.

The report is based on a survey of 1,200 - plus risk experts, including the WEF’s Global Risks Report Advisory Board and its Chief Risk Officers Community, as well as thematic experts from academia, business, the international community, civil society and the government.

Global Risks Ranked by Severity over the Short and Long Term

(Source: World Economic Forum’s “Global Risks Report 2023”, January 2023)

The WEF believes the technology sector will be among the “central targets of stronger industrial policies and enhanced state intervention” due to emerging technologies that will yield advancements in AI, quantum computing, biotechnology and other technologies. While these new advancements may provide partial solutions to the emerging global health, food and climate crises, they will also exacerbate various cyber threats and risks, making countries more vulnerable and susceptible to catastrophic cyber attacks that could disrupt critical resources and services.

Specifically, the WEF predicts a rise in cybercrime, with more attacks against agriculture and water, financial systems, public security, transport, energy, communication infrastructure and more. In fact, cyberattacks on critical infrastructure ranked 5th among what the WEF calls “currently manifesting risks” which are expected to have a global impact this year.

The WEF warns that these cyberattacks are not limited to malicious threat actors, but will also be the result of sophisticated analysis of large data sets that can lead to misuse of personal information through legitimate legal mechanisms, endangering people’s privacy even in democracies.

A call for global cooperation

The report highlights the need to tackle global cybercrime in particular, with the WEF calling for more cooperation between countries including more transparent information sharing, international rules and joint efforts.

The WEF is currently involved in collaborative efforts with public and private sector partners in the areas including:

• Free cybersecurity training and education
• Research into risks from next-generation technologies
• Guidance for IOT security

Regarding how experts felt about the outlook for the world in the longer term, only about one in five respondents felt optimistic, predicting “limited volatility with relative and potentially renewed stability over the next 10 years.” Meanwhile, more than half of respondents anticipated “progressive tipping points and persistent crises leading to catastrophic outcomes over the next decade, or consistent volatility and divergent trajectories.”

Taking a global cybersecurity outlook

Additionally, the WEF is calling on security leaders to do a better job explaining to their business peers the various cyberthreats faced by their organizations. Along with geopolitical instability and emerging technologies, lack of available talent and increasing shareholder and regulatory expectations represent just some of the significant challenges that concern cyber and business leaders.

Its “Global Cybersecurity Outlook 2023”report stresses the importance of clearly articulating the impact of cyber risks to business leaders. It finds that unclear communications hampers efforts to reduce cyber risk. The report also revealed that more than 93% of cyber leaders and 86% of business leaders think it is “moderately likely” or “very likely” that global geopolitical instability will lead to a far-reaching, catastrophic cyber event in the next two years.

How likely is it that geopolitical instability will lead to a far-reaching, catastrophic cyber event in the next two years?

(Source: World Economic Forum’s “Global Cybersecurity Outlook 2023” report, January 2023)

The WEF challenges leaders to “think more deeply about cybersecurity and listen more intently to cyber experts, and to each other, in order to ensure our shared resilience.” Additionally, the WEF urges cybersecurity leaders to refrain from using language that is too technical and jargony. Instead, it recommends using language their business counterparts will fully understand and can act upon.

Furthermore, although communication between cyber and business leaders may have increased due to the rising geopolitical tensions in various regions, their conversations tend to focus on news about cyber incidents, rather than on why these incidents are relevant to their organization and how to best support cyber leaders to manage their responses.Too often, business and cybersecurity leaders don’t spend enough time discussing strategic initiatives and investments for reducing cyber risk..

The report provides several recommendations to bridge the communications gap between the two including:

• Adopt a “common language” that represents cybersecurity data, using metrics that matter to business leaders, board members and other non-technical parties

• Implement organizational changes to “embed” discussions about cyber risks across the business, and make these conversations more fluid and effective

• Make business leaders accountable for establishing operational cyber requirements and priorities

Learn more

For more information about the “Global Cybersecurity Outlook 2023” check out the full report, highlights, commentary, and recommendations, as well as press coverage from Modern Diplomacy, ComputerWeekly, Help Net Security and Infosecurity Magazine.