Each year the World Economic Forum releases their Global Risk Report around the time of the annual Davos conference. This year’s report is out and below are notes on the “cyber” content to help others speed-read through those sections (in the event you don’t read the whole thing). Their expert panel is far from infallible, but IMO it’s worth taking the time to read through their summarized viewpoints. Some of your senior leadership are represented at Davos and either contributed to the report or will be briefed on the report, so it’s also a good idea just to keep an eye on what they’ll be told.
Direct link to report PDF: http://www3.weforum.org/docs/WEF_Global_Risk_Report_2020.pdf.
“Cyber” Cliffs Notes
- Cyberattacks moved out of the Top 5 Global Risks in terms of Likelihood (page 2)
Cyberattacks remain in the upper-right risk quadrant (page 3)
Cyberattacks likelihood estimation reduced slightly but impact moved up a full half point to ~4.0 (out of 5.0) (page 4)
Cyberattacks are placed as directly related to named risks of: (page 5)
- information infrastructure breakdown, (76.2% of the 200+ member expert panel on short-term outlook)
- data fraud/theft, (75.0% of the 200+ member expert panel on short-term outlook) and
- adverse tech advances (<70% of the 200+ member expert panel on short-term outlook)
All three of which have their own relationships (it’s worth tracing them out as an exercise in downstream impact potential if one hasn’t worked through a risk relationship exercise before)
Cyberattacks remain on the long-term outlook (next 10 years) for both likelihood and impact by all panel sectors
Pages 61-71 cover the “Fourth Industrial Revolution” (4IR) and cyberattacks are mentioned on every page.
- There are 2025 market projections that might be useful as deck fodder.
- Interesting statistic that 50% of the world’s population is online and that one million additional people are joining the internet daily.
- The notion of nation-state mandated “parallel cyberspaces” is posited (we’re seeing that develop in Russia and some other countries right now).
- They also mention the proliferation of patents to create and enforce a first-mover advantage
- Last few pages of the section have a wealth of external resources that are worth perusing
- In the health section on page 78 they mention the susceptibility of health data to cyberattacks
They list out specific scenarios in the back; many have a cyber component
- Page 92: “Geopolitical risk”: Interstate conflict with regional consequences — A bilateral or multilateral dispute between states that escalates into economic (e.g. trade/currency wars, resource nationalization), military, cyber, societal or other conflict.
Page 92: “Technological risk”: Breakdown of critical information infrastructure and networks — Cyber dependency that increases vulnerability to outage of critical information infrastructure (e.g. internet, satellites) and networks, causing widespread disruption.
Page 92: “Technological risk”: Large-scale cyberattacks — Large-scale cyberattacks or malware causing large economic damage, geopolitical tensions or widespread loss of trust in the internet.
Page 92: “Technological risk”: Massive incident of data fraud or theft — Wrongful exploitation of private or official data that takes place on an unprecedented scale.
Hopefully this saved folks some time, and I’m curious as to how others view the Ouija board scrawls of this expert panel when it comes to cybersecurity predictions, scenarios, and ratings.