Most of the world’s economies are underestimating the potential effect of cyber attacks on businesses and their economies, the World Economic Forum (WEF) warned.
A major study by the WEF reveals that, with the exception of the US, most countries have underplayed the risks of cyber attacks on their economic well-being.
The warning comes as business leaders, politicians, and academic and non-government organisations prepare for the Davos summit on 20-23 January 2016 to discuss the “fourth industrial revolution” and the global impact of new technologies.
Technology will have a vital role in controlling disease, monitoring climate change, and growing economies, but it also presents new challenges.
Businesses of all sizes have been affected by complex cyber attacks, and have suffered economic, legal and reputational damage, the WEF’s Global Risks Report 2016 revealed.
Cost of cyber crime
Studies show that cyber crime cost the global economy £445bn in 2014. The costs will be much higher if economic espionage and state sponsored hacking are taken into account.
However, only eight economies have concluded that cyber attack is a risk of the highest concern: Estonia, Germany, Japan, Malaysia, the Netherlands, Singapore, Switzerland and the US.
The findings reveal a lack of appreciation of the effect of cyber crime in the rest of the world, said John Drzik, chairman of the Global Risk Centre at Marsh & McLennan, and one of the contributors to the risk report.
According to Drzik, US companies are more aware of cyber risks because legal requirements to report security breaches have focused the minds of company leaders. As a result, 90% of the world’s cyber insurance is taken out in the US.
“I think there is going to be similar regulation [outside the US] and that is going to trigger the growth of the insurance market and bring more attention in the corporate sphere,” he said.
The report warns that the threat of sophisticated government-sponsored espionage exceeds the ability of companies to defend themselves.
Risk of cyber war grows
Over the past year, the number and impact of cyber attacks has increased. Hackers are turning their attention to industrial control systems, placing power plants, transportation and other infrastructure at risk, Drzik told Computer Weekly.
“There was the recent cyber attack in the Ukraine on a power plant and an industrial control system. There were earlier attacks in Germany on manufacturing systems and there are unreported attacks as well,” he said.
Every future conflict will have a cyber-element and some may be fought entirely in cyberspace, said the WEF. Physical infrastructure for exchanging data, such as undersea cables, could also become a target for international conflict.
Although terrorist groups have not yet resorted to cyber warfare, this may change in the future. “You have certainly seen organised crime – a different form of terrorism – participating in this sphere,” said Drzik.
Hacking attacks, which have led to loss of confidential information, have cost companies millions of dollars – but companies have lost far more through damage to their reputation.
“If your customer base starts to worry about you being unreliable and being unable to protect confidential data, they may go to a different company – the reputational amplifier can be enormous,” said Drzik.
Some companies have invested in sophisticated technology to monitor and detect security breaches. However, said Drzik, companies realise they cannot prevent every attack and will spend more resources to mitigate and managing the effects of an attack.
Cyber arms race
“We are not only in a cyber arms race between countries, but between the security community and the hackers. If you are on the defence, you are trying to get ahead of the offence, but it’s going to go back and forth and it’s not going to go away,” said Drzik.
Political risks could affect the take-up of digital technology, with policy changes and legal uncertainty hampering investment in the latest technology, the WEF warned.
The regulatory regime is underdeveloped, and lacks legal certainty in areas such as privacy, transparency, encryption control and intellectual property rules when data crosses boarders, it says.
Drzik said that companies need more sophisticated insurance against cyber attacks and it will need to extend to cover business interruption and property damage, which could result from attacks against industrial systems.
“There is more demand than there is supply because insurers are just getting ready to underwrite bigger volumes of cyber risk and are getting to grips with the character of the risk,” he said.