Despite concerns about AI and robots, adverse consequences of technological advances are still seen as a comparatively lower risk
Two of the top five most likely global risks are cyber risks, according to the Global Risk Report 2018, released yesterday by World Economic Forum. Risks of cyberattacks and data fraud or theft are seen by WEF members as the third and fourth most likely risks in 2018, next only to two environmental risks, extreme weather events and natural disasters.
The events of 2017 have also led to cyberattacks being seen as the 6th most impactful perceived global risk in 2018. This is the highest rank for a technological risk in the list of most impactful risks since the beginning of the publication of the report in 2012. This means cyberattacks are seen to impacting the earth more than food crises, biodiversity loss, large scale involuntary migration (refugee crisis) and spread of infectious diseases.
As in previous years, this year’s report also draws on WEF’s annual Global Risks Perceptions Survey (GRPS), which is completed by around 1,000 members of its multi-stakeholder communities.
According to the GRPS, cyber threats are growing in prominence, with large-scale cyberattacks now ranked third in terms of likelihood, while rising cyber-dependency is ranked as the second most significant driver shaping the global risks landscape over the next 10 years.
“Although in previous years respondents to the GRPS have tended to be optimistic about technological risks, this year concerns jumped, and cyberattacks and massive data fraud both appear in the list of the top five global risks by perceived likelihood,” observed the report.
The fear is real, illustrates the report
Cyber breaches recorded by businesses have almost doubled in five years, from 68 per business in 2012 to 130 per business in 2017, according to Accenture 2017 Cost of Cyber Crime Study. Having been choked off by law enforcement successes in 2010–2012, “dark net” markets for malware goods and services have seen a resurgence, noted an IBM report in March 2017.
In 2016 alone, 357 million new malware variants were released and “banking trojans” designed to steal account login details could be purchased for as little as USD 500, says the report quoting Symantec ITR. In addition, cybercriminals have an exponentially increasing number of potential targets, because the use of cloud services continues to accelerate and the Internet of Things is expected to expand from an estimated 8.4 billion devices in 2017 to a projected 20.4 billion in 2020, according to Gartner.
“What would once have been considered large-scale cyberattacks are now becoming normal,” the report notes.
In 2016, companies revealed breaches of more than 4 billion data records, more than the combined total for the previous two years, according to an IBM whitepaper quoted by the report. Distributed denial of service (DDoS) attacks using 100 gigabits per second (Gbps) were once exceptional but have now become commonplace, jumping in frequency by 140% in 2016 alone, says Akamai report. And attackers have become more persistent—in 2017 the average DDoS target was likely to be hit 32 times over a three-month period, according to the Akamai report.
The financial costs of cyberattacks are rising. A 2017 study of 254 companies across seven countries put the annual cost of responding to cyberattacks at GBP 11.7 million per company, a year-on-year increase of 27.4%, according to Accenture. The cost of cybercrime to businesses over the next five years is expected to be USD 8 trillion, according to a Juniper research.
Ransomware attacks accounted for 64% of all malicious emails sent between July and September last year. Notable examples included the WannaCry attack, which affected 300,000 computers across 150 countries, and Petya and NotPetya, which caused huge corporate losses.
Beyond its financial cost, the WannaCry attack disrupted critical and strategic infrastructure across the world, including government ministries, railways, banks, telecommunications providers, energy companies, car manufacturers and hospitals. It illustrated a growing trend of using cyberattacks to target critical infrastructure and strategic industrial sectors, raising fears that, in a worst- case scenario, attackers could trigger a breakdown in the systems that keep societies functioning. Many of these attacks are thought to be state sponsored. WannaCry’s ultimate impact was relatively low, largely because a “kill switch” was discovered, but it highlighted the vulnerability of a wide range of infrastructure organizations and installations to disruption or damage.
Since the 2015 attack on Ukraine’s power grid—which temporarily shut down 30 substations, interrupting power supply to 230,000 people— evidence has been mounting of further attempts to target critical infrastructure. In 2016, for example, an attack on the SWIFT messaging network led to the theft of USD 81 million from the central bank of Bangladesh. The European Aviation Safety Agency has stated that aviation systems are subject to an average of 1,000 attacks each month. Last year saw reports of attempts to use spear-phishing attacks (stealing data or installing malware using individually targeted email scams) against companies operating nuclear power plants in the United States.
“Most attacks on critical and strategic systems have not succeeded—but the combination of isolated successes with a growing list of attempted attacks suggests that risks are increasing. And the world’s increasing interconnectedness and pace heightens our vulnerability to attacks that cause not only isolated and temporary disruptions, but radical and irreversible systemic shocks,” says the report.
In addition to cyberattacks, other technology risk identified by the report include critical information infrastructure breakdown, which is seen to have more possible impact than fiscal crises and social instability and adverse consequence of technological advances, which still ranks low in terms of both impact and likelihood but with AI and robotics developing fast, it could emerge as a bigger risk in the years to come.
(Part of the text here is rephrased from the WEF Global Risk Report)