The Devil’s in the [Davos] Details — A quick look at this year’s WEF Global Risks Report

It’s Davos time again. Each year the World Economic Forum (WEF) gathers the global elite together to discuss how they’re going to shape our collective future. WEF also releases their annual Global Risks Report at the same time. I read it every year and have, in the past, borrowed some risk communication visualization idioms from it since — in theory — senior executives are supposed to be able to understand them (the report is designed for consumption by senior leaders across the globe).

I also read it to gauge what the general public groks about risks associated with cybersecurity (since that’s a core part of my day job). One way to do that is to see how many “cyber”-related things appear in the report and get rated in their top 30 risks section. They intuit these risks from conducting surveys across samples of many populations (this is their visualization for the composition):

This post is less about “cyber” and more about bringing three “details” out of the report.

Detail #1 : Methodology Matters

Page 65 of the PDF report indicates they modified both the underlying foundations for the initial Impact and Likelihood scales and mentions that:

It is worth noting that, as a consequence of the scale modification, the impact results cannot be compared with those of previous years.

One more time: you can’t compare this year over year. They’ve done this re-jiggering before, so unless you’re just looking at relative positions of named big risk buckets you really can’t glean anything by looking at previous reports next to latter reports or previous risks to current risks in any detailed way. Remember: Always read the “methodology” section of any report. If it doesn’t have one, consider using it for kindling.

Detail #2 : CYA (Check Your Axes)

I generally end up giving the production team behind the Global Risks Report minor-to-major kudos each year as they usually produce a slick PDF (I’m sure the printed version looks spiffy as well) with occasional usefully-innovative visualization choices. One of their seminal charts is the global risks likelihood/impact scatterplot that I’m sure most folks familiar with risk-oriented visualizations have seen:

There’s a visible area “mini-map” with both the online and print versions:

I believe there’s going to be a very real tendency to overlook the minimap and to read the risk chart without looking at the axis values and interpret it as the risks in the lower left hand corder as being “low” and those in the upper right hand corner as being “high” (it’s how risk scatterplots are designed).

The zoomed in view will also likely cause readers to think that some risks are very widely separated from others. They’re not. They are pretty much in 3 buckets and are pseudo-squishy-medium-yellow-ish risks (which can mean that the risk estimators hedged their guesses). I realize they zoomed in to enable seeing the labels for the risks and possibly compare the diamond sizes; while not as pristine, we can show them with their names on the full risk board (tap/click it to focus only on the chart):

Remember, these are the top risks and they are squishy. They could be squishier and it’s worth noting that they also look much closer together in the macro view. Perhaps the world isn’t so risky after all.

Detail #3 : Group Responses

The methodology section of the report provides equations that document how they aggregated the risk estimates across their sample groups. The team behind the report also made interactive versions. You can & should go there to see how each group assessed the pool of risks. Thankfully, they didn’t use a closed and expensive system like Tableau to make those interactive graphics, which means we can peek behind the scenes and grab the data ourselves (github link for the cleaned & combined data at the end of the post). Here are the zoomed-in/zoomed-out breakdowns between the groups:

WEF brought “opposite” groups to the table to make risk estimates, so we can also use this data to compare their overall risk scores (with a lazy impact x likelihood valuation) between opposite groups:

Environmental risks bubbled to the top, possibly as a result of holding the survey in a time when drought and breaking ice-shelfs are top-of-mind. Keen observers will note that those are zoomed in views. Here are the same slopegraphs on the full range of risk values:

That paints an even better picture of the squishiness of said risks.


One could deep-dive into many of those charts to pull out some interesting things, especially the how various opposite groups rated various risks (though there were only a few semi-stark contrasts). Actually, you can deep dive into them as the full data from the risk rating interactive visualizations and the R code that generated the above charts are all at

Even if there is little efficacy to this annual event, you now have some ++gd data to practice with in ggplot2, dplyr and tidyr.

Cover image from Data-Driven Security
Amazon Author Page

9 Comments The Devil’s in the [Davos] Details — A quick look at this year’s WEF Global Risks Report

  1. Pingback: The Devil’s in the [Davos] Details — A quick look at this year’s WEF Global Risks Report – Cyber Security

  2. Pingback: The Devil’s in the [Davos] Details — A quick look at this year’s WEF Global Risks Report | A bunch of data

    1. hrbrmstr

      Heh. I’ll try to later this week. For now, in my experience, when doing risk estimation things tend to get stuck right in the middle area as folks are unwilling to commit to “low” or “high” in the event they are found out to be wrong. If you estimate likelihood and impact to have the end result right in the middle you are — more often than not — hedging your bets. I need to read the entire survey questions (if available) but said questions also tend to be such that one has a hard time committing to values that would result in low or high. The fact that none of the 30 “top risks” are square in the upper-rightmost square is suspect to me, especially when they changed the rating scales.

  3. basti

    Hi hrbrmstr. Thanks for your post. I wanted to reproduce your example, but failed to load the csv file. Your code produces: “Fehler: No root directory found. Test criterion:
    Contains a file matching ‘[.]Rproj$’ with contents matching ‘^Version: ‘ in the first 1 lines”
    The csv does not have a usual table format, so how can I read it into R properly?

    Thanks in advance

    1. hrbrmstr

      I just did (hopefully this will format well) the following in the macOS Terminal:

      cd /tmp
      git clone
      open devils_in_the_davos_details/*j

      That opened up RStudio.

      In RStudio I went to the “R” directory in the project and then opened up devils_in_the_davos.R. I then hit Cmd-Shift-K to knit/spin the script and it worked w/o incident.

      If I avoid opening RStudio and do:

      cd /tmp
      git clone
      cd devils_in_the_davos_details
      Rscript -e 'rmarkdown::render("./R/devils_in_the_davos.R")' && open R/devils_in_the_davos.html

      it also works fine.

      You’ll need to change the path to the file if you’re going to try to execute the R script line-by-line vs spin it.

      1. basti

        Thanks for your answer. Both solutions do not work for me, because I do not have the permission to clone from github.

        Does file.path(rprojroot::findrstudioroot_file(),”data”, “wef2017risks.csv”) only navigate to the csv file?

        When I instead try to read in the wef2017risks.csv file with read_csv directly, the following error occurs:
        “Warnung: 273 parsing failures.
        row col expected actual
        72 — 1 columns 3 columns
        80 — 1 columns 3 columns
        82 — 1 columns 3 columns
        84 — 1 columns 3 columns
        86 — 1 columns 3 columns
        … … ……… ………
        See problems(…) for more details.

        Unnamed col_types should have the same length as col_names. Using smaller of the two.”

        How can I read in the csv properly or should I rather read in the html file which is located in


        1. hrbrmstr

          EVERYONE has permission to clone from GitHub unless they’re private repos. You can’t use the git@… URI since you aren’t part of the project but you can use the URI (i.e. git clone OR you can download the pre-built ZIP files that GitHub makes available from the “Clone or download” button: You are correct, though, that the line wef2017_risks <- read_csv(file.path(rprojroot::find_rstudio_root_file(), "data", "wef2017risks.csv"), col_types="ccddccc") uses find_rstudio_root_file to find the data file.

          1. basti

            Thanks for your help. I used this: git clone A new R-Session started and after loading the csv file, I write_csv this R object into a csv. This new csv could of cource be easily loaded into R as it is now in a proper table format.

            With that, all other things went fine. Allthough, I could not use your themes because of missing fonts. But that is not a real problem for me.

            Thanks and I really like to read your blog! (For instance the blog post about unemployment in the USA disaggregated by education)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.