Governments are being urged to put aside their political differences to collaborate on cyber security defence amid evidence that cyber attacks have caused the global economy more damage than hurricanes, floods and other natural disasters.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Last year was the worst on record for natural disasters, causing an estimated $300bn worth of damage, yet the losses from cyber crime in 2017 are expected to be far greater at about $1tn, according to figures released by the World Economic Forum (WEF) last week.
The WEF, which runs the annual summit of world leaders, businesses, academics and non-government organisations, is backing the creation of a Global Centre for Cyber Security, which is claimed to be the first organisation to tackle cyber security on a global scale.
The forumâs advisers warn that the cost of cyber crime to the global economy could soon reach $500bn a year â approaching the GDP of Switzerland, which stood at $659bn last year.
Ransomware including WannaCry, which was based on leaked National Security Agency hacking tools, caused devastation in the UKâs National Health Service and in companies around the world. It was followed by Petya and NotPetya, which caused more chaos.
A successful attack on a major cloud provider could cause damage in region of $120bn â somewhere between the cost of Hurricane Sandy and Hurricane Katrina, said John Drzik, an adviser to the WEF and president for global risk and digital at Marsh, an insurance broking and risk management company.
Cyber crime is the risk most likely to intensify in 2018, said Drzik. Yet the infrastructure and planning that governments and companies have put in place for environmental risks far exceed the resources put into cyber defence.
Experts at the WEF argued that governments have an unique opportunity, as the global economy recovers, to tackle a range of global threats, including cyber attacks, that could cause catastrophic problems if left unchecked.
âLeaders can take advantage of this upswing to address many of those risks,â said Margaret Drzeniek Hanouz, head of economic progress at the WEF.
Risk of cyber conflict
Countries such as the UK and the US have been open about their development of offensive cyber capabilities, and the next global conflict will certainly involve the use of cyber weapons alongside conventional weapons.
More than 93% of the experts consulted by the WEFâs Global risks report believe there will be more political and economic confrontation among the major world powers this year.
âIt does not have to be military conflict, it could be trade, it could be cyber, it could be other forms of conflict, but I think cyber is one that is likely to grow as an avenue of conflict,â said Drzik.
Hackers route their attacks through multiple servers in multiple countries, making it notoriously difficult to attribute the source of any attack with any degree of accuracy.
A misdirected counter-attack, aimed at the wrong target, could precipitate a rapidly escalating cyber conflict, which could, in turn, escalate into armed conflict.
Early warnings of cyber risks
The planned cyber security centre, announced during the WEF summit, will go further than existing cyber security initiatives by extending collaboration internationally, said Richard Samans, a member of the WEFâs managing board.
âMost of the information-sharing initiatives you have seen so far are in-country,â he said in an interview with Computer Weekly. âIn Europe, you have a regional framework, but there has never been a global framework. And in certain sectors there is information-sharing with the public sector, but it is the international aspect of it that is new.â
Based in Geneva, Switzerland, the cyber security centre will operate as an independent organisation, under the auspices of the WEF. It will have Interpol as a strategic partner, and support from UK telecoms provider BT.
The WEF aims to establish what it claims will be the first global platform for governments, businesses, experts and law enforcement agencies to collaborate on cyber security risks.
The growing use of artificial intelligence (AI), the internet of things (IoT) and robotics in finance, healthcare, telecommunications and transport has given cyber crime prevention a new urgency â and the risk of a âdigital dark ageâ, the WEF argues.
Proposed projects include an independent library of best practices in cyber security, developing an agile regulatory framework on cyber, and acting as a laboratory to give governments and businesses an early warning of future cyber security scenarios.
Gavin Patterson, chief executive of BT Group, said of the initiative: âWe believe that closer, cross-border collaboration between the public and private sectors, in the form of sharing threat information and best practice, is critical if we are to succeed in combating cyber crime.â
Global risks more interdependent
The task is made more urgent because global risks are increasingly interconnected. Last yearâs cyber attacks damaged private sector computers, but they impacted the operation of government, and had knock-on effects for society and the economy.
Cyber attacks, when combined with economic instability, natural disasters, growing debt and rising inequality, could, according to the WEFâs Hanouz, push the world over a brink.
And âfake newsâ poses a serious risk if, for example, people start to believe propaganda that climate change is not a real issue, and that, in turn, influences national policies on global warming.
âWe are increasingly reaching a tipping point across a number of systems that cold really bring the systems to a brink, and could potentially have systemic and catastrophic consequences for humanity and the economy,â said Hanouz.
One example of the growing interdependency is the exponential growth in internet control of infrastructure and physical devices. The number of internet connected devices now stands at 8.4 billion, which is already more than worldâs human population of 7.3 billion â and the number of devices is projected to grow to 20 billion by 2020.
âThat just widens the attack surface for companies to potential attacks,â said Drzik. âThe use of artificial intelligence and other emerging technologies is also leading to greater cyber exposure to companies.â
Responding to cyber attacks
For Alison Martin, group chief risk officer of Zurich Insurance Group, people and password protection are still the weakest link in cyber security. âWe have to be smarter and we have to get ahead of the curve and look at what risks people are exposed to and how we can mitigate them,â she said.
Organisations spend $3.5bn a year on insurance premiums covering a few billion dollars of risk and the market is growing, particularly outside the US.
One measure of how far companies need to go to address cyber security is the relatively small scale of the cyber insurance market. Individual companies can get up to $1bn of cover, and the coverage of cyber risks has expanded to include risk of property damage, critical infrastructure and business interruptions.
By 2020, premiums for cyber security risks are expected to reach $10bn, but compared to the property insurance market, it is still relatively small compared to the size of the risk, said Drzik.
Where insurance companies can rally add value, he said, is by offering a risk assessment service to help businesses understand where they are exposed.
The General Data Protection Regulation (GDPR), which comes into force in May this year, has led companies to re-examine a lot of their cyber security, which has had a beneficial impact.
Businesses need to be more focused on how they respond to cyber attacks, as wells as preventing them, said Drzik.
âMost businesses that are based in natural disaster zones have very extensive business continuity plans,â he said. But only about one-third of companies have an incident plan to respond to a major cyber attack. And with corporate debt-equity ratios double those in 2010, businesses are more vulnerable to any sort of disruption.
âThis is an environment in general where businesses could face a lot of shocks, cyber and non-cyber,â said Drzik.
As organisations become more interconnected, a cyber attack on a companyâs suppliers or customers means that one organisationâs security depends on the security of others, at a local and global scale.
But will it work ?
While growth in the worldâs economies may present governments with an opportunity to pool their resources through the WEFâs Global Centre for Cyber Security, the political landscape makes co-operation more difficult.
The election of Donald Trump as US president heralded his country taking a more insular approach to politics, which led, among other things, to the US pulling out of the international Paris Agreement on climate change.
Add to that the growth of fake news, propaganda and political unrest in many parts of the world, and it is clear that the WEFâs cyber crime centre will have its work cut out to create the multinational agreements needed to keep up with cyber crime.
âWhere risk is borderless, you do need co-operative work to create solutions,â said Drzik. âAnd this type of friction between unilaterally orientated powers creates a very unsettling environment for it.â