Fotimmz - Fotolia

Davos 2023: Pervasive cyber crime and cyber security gaps pose severe risk to organisations

Governments and organisations face tough trade-offs as they balance immediate problems caused by economic recession, energy shortages and rising interest rates with longer-term risks, including the impact of global warming

The threat of widespread cyber crime and vulnerabilities in cyber security are among the most severe risks facing businesses, governments and the public over the next decade.

Cyber attacks will disrupt critical resources and services, including agriculture, water, financial systems, transport and communications, the World Economic Forum predicted today.

State and criminal hacking are set to put more pressure on organisations already struggling with rising prices and energy shortages, according to the WEF’s Global risks report 2023.

The growing vulnerability of governments and businesses to technology will be one of the key risks under discussion as business leaders, politicians, academics and non-government organisations meet at the World Economic Forum in Davos from 16-20 January 2023.

Carolina Klint, risk management leader for continental Europe at insurance broker Marsh, and a contributor to the Global risks report, said governments and organisations that should be investing in resilience are having to focus on wider economic problems.

“2023 is set to be marked by increased risks related to food, energy, raw materials and cyber security, causing further disruption to global supply chains and impacting investment decisions,” she said.

“At a time when countries and organisations should be stepping up resilience efforts, economic headwinds will constrain their ability to do so,” she added.

The WEF identifies interconnected global risks that could undermine efforts to tackle longer-term problems such as climate change, biodiversity and investment in skills and training.

Top risks facing organisations 

Over the next two years, the WEF identified the cost-of-living crisis, natural disasters and extreme weather events, and geo-economic confrontation as the most severe risks facing organisations and populations. 

The failure of countries to mitigate climate change, erosion of social cohesion, and damage from large-scale environmental incidents also feature high in the top 10 risks facing the world.

Over the next 10 years, climate change, natural disasters and extreme weather, the collapse of ecosystems and loss of bio-diversity present the greatest longer terms risks.

And for the first time, the WEF listed widespread cyber crime and cyber insecurity among the top 10 most severe short-term and long-term risks facing organisations and governments.

It anticipates attacks against agriculture, water, financial systems, public security, transport and energy infrastructure, coupled with attacks on undersea or space-based communications infrastructure.

Russia, for example, was responsible for concerted cyber attacks against Ukraine last year, targeting communications, financial websites and electricity grids.

At the same time, state actors used data theft and deep-fake technology to disrupt the movements of refugees, medicine and food supplies.

Technology arms race on the horizon

A rise in defence spending around the world since 2010, which has been given further impetus by the war in Ukraine, is expected to drive the development of technologies that have dual-use military and civilian applications.

Military innovations will have knock-on benefits for economic productivity, preventative medicine, climate modelling and the development of new materials, the World Economic Forum predicted.

However, emerging technologies will increasingly be the subject of state-imposed export restrictions that will limit the flow of skilled people, data and intellectual property.

Ultraviolet lithography equipment, used for making advanced computer chips, and metals and minerals used to make electronic devices are likely to be subject to state controls.

Less wealthy countries in the southern hemisphere risk being “priced out” of advances in technology.

New technologies will change the nature of conflict, which will expand from land, sea and air to include cyber space and outer space.

Nation states will use cyber and information warfare to target vulnerabilities in military technology and to launch disinformation campaigns.

Directed energy weapons are expected to make significant progress over the next 10 years, and will have the potential to disable satellites, electronics, communications and global navigation systems.

New risks to privacy rights

The sophisticated analysis of data by governments and private companies will expose people to greater risks that their personal information will be misused, even in well-regulated, democratic countries, the WEF warned.

The use of analytics technology, combined with large datasets, means that even in strongly regulated democratic countries, personal data will be placed at risk.

“Individuals will be targeted and monitored by the public sector to an unprecedented degree, often without adequate anonymity or consent,” the report warned.

There are concerns over the use of surveillance cameras and other biometric technology to analyse emotions, and the ability of automated chatbots to collect a wide range of personal data.

Employers have increased remote tracking of employees working from home in the wake of the Covid pandemic, through cameras, keystroke monitoring, productivity software and audio recordings.

As people’s lives become increasingly digital over the next decade, information about their daily activities will be recorded as they travel through smart cities and use internet-enabled devices.

The advent of the metaverse, which could collect sensitive data, including facial expressions, gait, medical data, brainwave patterns and voice inflexions, will expand commercial surveillance further.

Data de-anonymisation

As more data is collected and sold, the risks of identifying people by combining anonymised data with other datasets will grow.

Researchers have already uncovered the political preferences of the users of streaming services, matched DNA profiles and linked medical billing records to individuals recorded in anonymous datasets.

Hostile governments may be able to use anonymised data shared by other states to identify and track vulnerable refugees or identify the location of camps, or disrupt the supply chains for critical goods.

Data on race, ethnicity, sexual orientation and immigration status can be legally obtained in some locations and de-anonymised.  In some cases, such data has been used for harassment and abuse.

In the US, and other jurisdictions, data is aggregated and sold with few regulatory restrictions, which allows law enforcement agencies to obtain personal data, such as a person’s mobile phone location history, without a warrant.

Police in the US, in theory, could use automated licence plate data, which is available from private companies and government agencies, to prosecute people who travel out of their state to have abortions.

Countries with poor human rights records have already used spyware to track activists and clamp down on political protesters in the Middle East.

In Africa, privacy has been eroded by biometric programmes that deploy CCTV with facial recognition and require mandatory registration for SIM cards.

The collection and aggregation of personal data is essential for innovation and can benefit society by, for example, improving healthcare.

But governments may struggle to balance the potential harm to individual privacy against the benefits of emerging technologies.

Combined with the risk of cyber attacks and tighter data laws, it is likely that voluntary disposal and deletion of data will become a greater priority for companies.

Ripple effect on natural resources

The deeply interconnected nature of the risks facing the world gives rise to “polycrises”, where different crises interact in a way that has a greater impact than each crisis taken on its own.

The erosion of political cooperation between nation states will create a ripple effect that will impact the supply and demand of natural resources, leading to shortages of food, water, metals and minerals.

Potential scenarios include wars over water, over-exploitation of natural resources, and a slowdown in attempts to mitigate the effects of climate change.

The WEF predicted that at least the next two years will be marked by consistent volatility and multiple shocks, though there are signs that the world may become more stable in the next 10 years.

Window for change

Given the interconnectedness of risks, shoring up resilience in one area can have a multiplier effect by reducing related risks.

The WEF said there was still a window for governments and organisations to act to increase security in the future.

“As a deteriorating economic outlook brings tougher trade-offs for governments facing competing social, environmental and security concerns, investment in resilience must focus on solutions that address multiple risks,” the WEF said in its report.

These include funding measures that mitigate the risk from climate change and investing in the development of people and skills.

The WEF said some of the risks identified this year were close to tipping point.

“This is the moment to act collectively, decisively and with a long-term lens to shape a pathway to a more positive, inclusive and stable world,” it said.

One of the authors, Klint, said companies should not ignore longer-term risks as they grapple shorter-term problems.

“Faced with the most difficult geo-economic conditions in a generation, companies should focus not just on navigating near-term concerns, but also on developing strategies that will position them well for longer-term risks and structural change,” she said.

The Global risks report is based on the views of 1,200 experts and 12,000 business leaders in 121 economies.

Read more about the WEF Global risks report

Read more on IT risk management