The annual World Economic Forum (WEF) Global Risks Perception Survey this year again includes two cybersecurity risks in the top five perceived long-term (10-year) risks. It is the same five as last year, although the order has changed. ‘Data fraud or theft’ is still considered the fourth risk, but ‘cyber-attacks’ have dropped from third to fifth.
The top three risks are environmental, largely driven by increasing concern over the effects of climate change. As last year, ‘extreme weather events’ is the primary concern. Second is ‘failure of climate-change mitigation and adaptation’ (up from fifth last year). Third is ‘natural disasters’ (down from second last year).
This is not a celebratory optimistic report — rather it reflects deep concern among the world’s business leaders. “Is the world sleepwalking into a crisis? Global risks are intensifying but the collective will to tackle them appears to be lacking. Instead, divisions are hardening.” Central to this is increasing worldwide nationalism. “We are drifting deeper into global problems from which we will struggle to extricate ourselves.”
This underlying growth in nationalism over globalism is hindering efforts to solve the world’s problems.
“The challenge of establishing norms that can be enforced globally is exacerbated by geo-economic competition across advanced technologies,” says the report (PDF). It is here specifically discussing biological risks, but the argument could be applied to all the risks highlighted in the survey. In the cyber world, it is the primary cause for the lack of interest in Microsoft’s norms for international cyber behavior and its calls for a Cyber Geneva Convention.
Reflecting such concerns, the top three short-term risks are all political: ‘economic confrontations between major powers’, ‘erosion of multilateral trade agreements’, and ‘political confrontations between major powers’. The fourth is cyber-attacks involving the theft of data or money, and the fifth is cyber-attacks involving the disruption of operations and infrastructure.
In reality, all five risks are likely — at least initially — to be played out in cyber. The current confrontation between the West and Russia is likely behind Russia’s widespread election meddling via fake news distributed via social media. “In the digital era, efforts to promote (or disrupt) political values in other countries have become increasingly contentious,” notes the report.
The current trade war with China is partly caused by China’s cyber theft of U.S. intellectual property, but will likely result in increased efforts to steal more. And ‘political confrontations’ between major powers are already causing deep cyber intrusions into national infrastructures as each side seeks an advantage over the other in case of future kinetic warfare.
Direct cyber concerns are discussed in their own section of the report: ‘Technological instabilities’. Eighty-two percent of respondents to the survey expect increased risks to the cyber theft of data and money in 2019. Eighty percent expect disruptions to operations. Around 66% expect risks associated with fake news and identity theft to increase. Sixty percent expect loss of privacy to companies and governments to increase.
These concerns are built on the history of massive data breaches through 2018. The largest was in India, where breaches reported by Aadhaar potentially compromised the records of all 1.1 billion registered citizens. The MyFitnessPal breach affected around 150 million users, and a Facebook breach affected 50 million users. The Marriott Hotels breach of 383 million people in November probably came too late in the year for inclusion. Forbes has suggested that the total cost to Marriott may approach $9 billion.
Cyber-attacks against critical infrastructure get a special mention. “The second most frequently cited risk interconnection in this yearís GPRS was the pairing of cyber-attacks with critical information infrastructure breakdown.”
So too does artificial intelligence — but more in its ability to create problems than to solve them. The Brookings survey that showed 32% of respondents see AI as a threat to humanity while only 24% do not, is cited. IBM’s DeepLocker AI-powered malware is cited as an example of the negative potential of AI in cybersecurity.
Cyber figures strongly in the section titled ‘Future Shocks’. These are not predictions, but areas where current developments may lead to unforeseen and unwanted effects. Technology pervades these possibilities generally, but figure specifically in three of the ten potential shocks. The first is the effect of quantum computing on current digital cryptography. Current cryptography will be effortlessly cracked by quantum computing, and by the time new protections are in place, many secrets will likely be already lost.
“A collapse of cryptography would take with it much of the scaffolding of digital life,” warns the report. “These technologies are at the root of online authentication, trust and even personal identity. They keep secrets — from sensitive personal information to confidential corporate and state data — safe. And they keep fundamental services running, from email communication to banking and commerce.”
The second future shock is that advanced biometric surveillance could allow new forms of social control. It is the combination of increasing, improving and pervasive biometric recognition systems, massive personal data collection into huge big-data banks, and advances in artificial intelligence that are the problem. “Global politics will be affected,” warns the report: “authoritarianism is easier in a world of total visibility and traceability, while democracy may turn out to be more difficult.”
‘Emotional disruption’ is the third future shock, based on ‘affective computing’. Built on the existing success of fake news and echo chambers in social media aimed at electoral interference and micro-targeted advertising, what else could happen? “New possibilities for radicalization would also open up, with machine learning used to identify emotionally receptive individuals and the specific triggers that might push them toward violence. Oppressive governments could deploy affective computing to exert control or whip up angry divisions.”
The WEF Global Risks Perception Survey 2019 combines the opinions of around 1000 experts and decision makers in the survey with the invited opinions of selected specialist experts. It is produced in partnership with Marsh & McLennan Companies and Zurich Insurance Group.
Related: World Economic Forum Announces Global Centre for Cybersecurity
Related: Cyberattacks Top Risk to Business in North America, EAP, Europe: WEF
Related: World Economic Forum Publishes Cyber Resiliency Playbook