25 January 2023

Surprising Cyber Focus at the World Economic Forum

And this year at the WEF meetings, cybersecurity made headlines in many ways. Here are a few examples:

Experts at Davos 2023 call for a global response to the gathering ‘cyber storm’”: “As economic and geopolitical instability spills into the new year, experts predict that 2023 will be a consequential year for cybersecurity. The developments, they say, will include an expanded threat landscape and increasingly sophisticated cyberattacks.

“‘There’s a gathering cyber storm,’ Sadie Creese, a Professor of Cyber Security at the University of Oxford, said during an interview at the World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. ‘This storm is brewing, and it’s really hard to anticipate just how bad that will be.’

“Already, cyberattacks such as phishing, ransomware and distributed denial-of-service (DDoS) attacks are on the rise. Cloudflare, a major US cybersecurity firm that provides protection services for over 30% of Fortune 500 companies, found that DDoS attacks—which entail overwhelming a server with a flood of traffic to disrupt a network or webpage—increased last year by 79% year-over-year.”

The 2023 annual meeting coincided with the release of the Forum’s Global Cybersecurity Outlook 2023, an excellent report.

And here’s an excerpt from the WEF cybersecurity report executive summary for 2023:

“Key findings include:

The character of cyber threats has changed. Respondents now believe that cyber attackers are more likely to focus on business disruption and reputational damage. These are the top two concerns among respondents.

Global geopolitical instability has helped to close the perception gap between business and cyber leaders’ views on the importance of cyber-risk management, with 91% of all respondents believing that a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years.

Following from this, 43% of organizational leaders think it is likely that in the next two years, a cyber attack will materially affect their own organization. This, in turn, means that in many cases, enterprises are devoting more resources to day-to-day defenses than strategic investment.

The data protection and cybersecurity concerns created by geopolitical fragmentation are increasingly influencing how businesses operate and the countries in which they invest.

Business executives acknowledge that their organization’s cybersecurity risk is influenced by the quality of security across their supply chain of commercial partners and clients.

Leaders intend to respond to these concerns by strengthening controls for third parties with access to their environments and/or data and re-evaluating which countries they do business in. However, business leaders are more likely to focus on in-house solutions for cyber-risk management, whereas security leaders place a higher priority on partnerships with other organizations.

Many organizations are undertaking large digital transformation projects. Adding emerging technology to legacy IT increases the complexity of organizations’ digital environments and therefore their cybersecurity risk. Leaders struggle to balance the value of new technology with the potential for increased cyber risk in their organizations.

Cyber executives are now more likely to see data privacy laws and cybersecurity regulations as an effective tool for reducing cyber risks across a sector. This is a notable shift in perception from the 2022 Outlook report. Despite the challenges associated with compliance, cyber leaders acknowledged that regulation incentivizes much-needed action on cybersecurity.

Structured interactions between cyber and business leaders are becoming more frequent. 56% of security leaders now meet monthly or more often with their board. This is rapidly narrowing the cybersecurity perception gap. However, more needs to be done to promote understanding between business and security teams to support effective action by organizational leaders.”

Indeed, global events support the narrative that 2023 may be a rough year for cybersecurity incidents. Consider these headlines:

WEF: “Geopolitical Instability Raises Threat of ‘Catastrophic Cyberattack in Next Two Years’” — “Despite challenges, organizations are improving cyber resilience, one of the key priorities of the World Economic Forum’s Centre for Cybersecurity. The report, written in collaboration with Accenture, says that awareness and preparation will help organizations balance the value of new technology against the cyber risk that comes with it.”

The Guardian (U.K.): “Cyber-attacks have tripled in past year, says Ukraine’s cybersecurity agency” — “Ukraine has suffered a threefold growth in cyber-attacks over the past year, with Russian hacking at times deployed in combination with missile strikes, according to a senior figure in the country’s cybersecurity agency.”

TechCrunch: “Maritime giant DNV says 1,000 ships affected by ransomware attack” — “DNV, a Norwegian shipping classification society, has confirmed its systems were hit by a ransomware attack, affecting around 1,000 ships that rely on its technology. ”

Associated Press: “UK: Royal Mail cyber incident delivers overseas disruption” — “Britain’s Royal Mail asked customers Monday to refrain from sending items to overseas destinations until further notice as it tries to address a ‘cyber incident’ that is temporarily preventing the postal service from dispatching letters or parcels to other countries.

“Royal Mail said it continues to experience ‘severe service disruption’ without providing further details.”

Bloomberg: “Royal Mail Export Chaos Has Businesses Fuming After Cyber Attack” — “Small businesses say orders at risk, customers losing patience. Cyberattack impact comes on the heels of strike disruptions.”


I watch CNBC business news most mornings as I work out on my treadmill before breakfast. This past week has been live from Davos, with dozens of stories related to our economy, technology and even cybersecurity.

One story on Friday morning led with this headline: “Global economic outlook may be less bad — but we’re still not in a good place, IMF chief says.” Here’s an excerpt:

“The global economic outlook is not as bad as feared a couple of months ago — ‘but less bad doesn’t quite yet mean good,’ according to the managing director of the International Monetary Fund.

“'We have to be cautious,’ Kristalina Georgieva told a closing panel at the World Economic Forum in Davos moderated by CNBC.

“She said headline inflation was heading down and China’s reopening was expected to boost global growth, with the IMF forecasting its economy will outpace global growth of 2.7% this year, at 4.4%, after slipping below it for the first time in four decades last year.”

Will the same be true for technology and cybersecurity? Can we have a better 2023?


Let’s end this piece with an upbeat interview with ServiceNow’s CEO Bill McDermott, who remains very optimistic about 2023. McDermott makes the case that digital transformation is growing eight times faster than the overall economy, and we will not have a recession for IT spending in the coming year.

No comments: