Cyber Attacks among the top five risks identified in WEF Global Risk Report 2012

I was not at all surprised that the World Economic Forum WEF Global Risk 2012 report showed up “Cyber Attacks” among the top five risks rated by likelihood for the first time since its seven years of inception. A similar Global Economic Crime Survey report from PwC titled “Cybercrime: protecting against the growing threat” also saw cybercrime among the top four economic frauds. This was inevitable, as 2011 witnessed several visible cyber attacks on corporate, governments and utilities. Media reports and prominent disclosures by Hacktivists clearly demonstrated the lack of cyber security preparation by major companies.

The exponential rise in connected devices such as mobile phones, home networks, smart grids and smart cities raised the specter of a single vulnerability creating a catastrophic disruption in the global information infrastructure. Cyber attacks is a key threat vector which can be executed remotely and with near anonymity by a variety of state and non-state actors.

It was quite clear that while the risk appeared on the radar, there was not much being done about it, as stakeholders did not seem to view the risk as impactful, and favorably viewed the benefits of a connected world over the risk. One of the main reasons for this view was that terrorism, crime and war in the online world have so far been less deadly that physical counterparts.

One of the key conclusions of the report was the need to obtain a firm understanding of the security problem by improving the quality of risk reporting through empirical research. Current research by security vendors is viewed with skepticism because of the possibility of bias, and non vendor research in infancy because victims prefer to remain silent.

In the long-term reliable indicators of crimes, attacks and losses is key to ensure that the full impact of cyber attacks and crime is known, its economic consequences measured and investments made to reduce their impact.