wef global risks report 2024 blog

The WEF Global Risks Report 2024: Key Takeaways

IT and business leaders should be well aware by now of the risks that cyber-related threats pose to the organisation. They also understand at a high level the wider societal and economic damage that persistent, elevated cyber risk can cause. But sometimes, it helps to contextualise these thoughts against the backdrop of the global risk landscape.

That’s the purpose of The World Economic Forum (WEF) Global Risks Report, which for nearly two decades has been helping business leaders make better informed strategic decisions.

It’s produced from a Global Risks Perception Survey (GRPS) of 1490 experts across academia, business, government, the international community and civil society, as well as a WEF Executive Opinion Survey of 11,000 business leaders. There’s also input from scores of WEF experts collected over a six-month period last year.

In short, it’s about as comprehensive a view of the current risk landscape as you can get. And the headline news? AI and cyber-threats are right at the top of respondents’ biggest global risks for the next 2-10 years.

How Does Cyber Rank Among Global Risks?

From the GRPS, experts ranked “cyber insecurity” – that is, threats including cyber-warfare, cyber-espionage and cybercrime such as ransomware, fraud and data theft – as follows:

  • Number four out of 34 possible risks over the short-term (the next two years), rising to third place for government and private sector respondents
  • Number eight out of 34 risks over the longer term (the next decade), rising to sixth for government respondents (private sector respondents also placed it eighth)
  • A “persistent” threat; that is, one highlighted as a top-10 concern in the previous GRPS
  • A growing concern – it moves up four places on last year’s short-term top 10 risks list

 

Other cyber-related highlights from the report include:

A fast-growing AI threat:

AI-powered misinformation and disinformation tops the list of near-term risks, comes second in terms of current risk landscape (cited by 52% of GRPS respondents), and is placed fifth on the long-term risk list. The report warns of the impact of deepfakes here. It also warns of an over-reliance on a small set of foundational AI models, especially in the financial and public sectors, or a single underlying cloud provider. This could increase the risk of major disruption to services, including critical infrastructure if such choke points are targeted, WEF argues.

Flourishing cybercrime:

One of the least surprising findings of the report is that cybercrime continues to go from strength to strength – with “new tools and capabilities” creating new markets for organised crime networks. It adds that cybercrime offers “an increasingly low-risk and low-cost revenue stream for organized crime”. For example, generative AI (GenAI) is being used to create large-scale and highly accurate phishing campaigns in multiple languages. As organisations build more sophisticated defences to tackle the threat, criminals will naturally shift to “less digitally literate individuals or less secure infrastructure and systems”.

Blurred lines between states and cybercrime:

WEF also warns of an uptick in state-sponsored attacks, especially those designed to generate revenue for autocratic and fragile regimes like North Korea. Such states could benefit from a closer relationship with the cybercrime underground, specifically off-the-shelf hacking tools and “services-for-hire”. This development would effectively broaden the number of organisations at risk of state-backed compromise. “Symbiotic partnerships between states and organized crime could grow … in return for concessions and bilateral agreements,” the report notes.

What Does This Mean for Cybersecurity and Compliance?

Jamie Akhtar, co-Founder and CEO at CyberSmart, argues the report should be a call to arms.

“We live in a world where the supply chain is king. This means that smaller businesses that supply the state or larger multinationals can become targets in their own right, as cyber-criminals look to exploit them for access to bigger targets,” he tells ISMS.online.

“Every business, no matter its size or sector, needs to treat cybersecurity as a priority.”

Erfan Shadabi, cybersecurity expert at comforte AG, tells ISMS.online that organisations need to ingrain cybersecurity into their DNA with a focus on data protection.

“This involves continuous monitoring, threat intelligence integration and regular training for employees to cultivate a cybersecurity-aware workforce,” he adds.

There’s clearly a role for best practice security standards like ISO 27001 here in helping to build a security-by-design culture among organisations. But Shadabi also sees an opportunity beyond mitigating risk.

“Contrary to viewing cybersecurity solely as a defensive expenditure, organisations should recognise its potential to promote business growth. A strong cybersecurity posture not only safeguards sensitive information but also cultivates trust among stakeholders – customers, partners, and investors,” he argues.

“Demonstrating a commitment to data security can be a competitive advantage, especially in industries where trust and data integrity are paramount.” CISOs could even use the WEF report to help secure more funding from the board, Shadabi says.

“The findings and warnings in the WEF Global Risk Report can be powerful tools for CISOs seeking increased board involvement and investment in cybersecurity,” he claims. “By presenting the elevated global risk rankings and the evolving tactics of cyber-adversaries, CISOs can underline the urgency of fortifying the organisation’s defences.”

CyberSmart’s Akhtar agrees that business leaders will be particularly primed to take notice of the WEF’s findings, given that their peers contributed to the report.

“It’s more vital than ever that boards continue to prioritise cybersecurity investment,” he concludes. “What’s more, there’s a misconception that good cybersecurity has to be expensive. In fact, many businesses, particularly smaller ones, could dramatically improve their defences simply by implementing the basics better or, in some cases, at all.”

 

Author

Phil Muncaster

Phil Muncaster has been an IT journalist for 15 years. He started out as a reporter on enterprise IT title IT Week in 2005 and progressed to the role of News Editor before leaving to pursue a freelance career. Since then, Phil has written for titles including The Register, where he worked as Asia correspondent whilst based in Hong Kong for over two years, MIT Technology Review, SC Magazine, Infosecurity Magazine and others.

View all posts by Phil Muncaster

Related Posts

ISMS.online now supports ISO 42001 - the world's first AI Management System. Click to find out more