Dive Brief:
- The World Economic Forum warned the current level of global instability could lead to a catastrophic cyberattack within the next two years, officials said in a Wednesday press conference.
- The vast majority of business leaders, 86%, believe such an event is possible, the WEF said, citing research in the Global Cybersecurity Outlook Report 2023, a forecast based on surveys, interviews and workshops with more than 300 business leaders and security experts from around the globe. Accenture conducted the survey in conjunction with the WEF's Centre for Cybersecurity.
- Global corporations are so dependent on technology currently that half of those surveyed said that cybersecurity was now a consideration about which countries they will invest and do business in.
Dive Insight:
The report highlights the rising fears about how the growing political instability across the globe, including events like Russia's invasion of Ukraine, could result in a catastrophic cyberattack.
Following the onset of the coronavirus pandemic, the global supply chain became more dependent on automation, and a large number of countries and private sector organizations lack the existing investment or the available number of workers to mitigate the impact of such an event.
Julie Sweet, Accenture chair and CEO, referenced data showing 43% of business leaders said they expect such a cyber event to have a material impact on their businesses, while only 27% believe they are cyber resilient.
“The gap between cyber resilient companies and the likelihood of a materially catastrophic event is significant,” Sweet said.
Albanian Prime Minister Edi Rama noted the country has been under an extensive cyberattack that began in the summer of 2022 from actors backed by Iran, pointing out the toll it can take on a relatively small country like his in terms of resources.
“It’s not something we can match in terms of finance, in terms of ruthlessness, in terms of anti-democratic behavior and so on,” Rama said.
As previously reported, the U.S. Treasury Department in September announced sanctions linked to this activity, with officials linking the threat actors to an APT group known as MuddyWater.
Jürgen Stock, secretary general of Interpol, said combating cybercrime will require victims of these crimes, including companies and individuals, to come forward and cooperate.
Companies need to do more to anticipate cyberthreats, because cyber criminals are outsourcing attacks through ransomware as a service operations and using much more sophisticated methods to launch attacks.
“The criminals are investing their huge profits into new tools, into the sophisticated tools,” Stock said at the press conference. “We have to make sure we keep pace, but also that we are further developing the global architecture of security.”
C-suite executives are becoming more aware there is a global problem with cybersecurity, said Nikesh Arora, chair and CEO of Palo Alto Networks. But the industry is behind due to years of underinvestment.
“That’s the sort of part we all have to work on collectively,” Arora said. “Nobody seems comfortable that they have it under control.”