The World Economic Forum Global Risks Report 2016 underlines the threat of cyber attack as a growing menace facing major companies. Ben Cooper examines the report’s findings on the dangers of cyber attacks and other principal risks facing companies over the next ten years identified in the report.
The benefits of the digital revolution for consumer goods companies are undeniable, both in relation to business efficiency or in the fundamental way it has transformed the relationship consumers have with brands, through websites, online shopping and social media.
However, the digital age has brought with it risks that did not exist in simpler times and the most tangible example of this is cyber attack. It is no surprise therefore to see the prominence the World Economic Forum Global Risks Report 2016 gives to what is an increasingly prevalent and costly issue.
Now in its eleventh edition, the report quantifies and compares business risks as identified by the Global Risks Perception Survey, a poll of 750 experts from business, government, academia, NGOs and international organisations. Conducted between mid-September and the end of October 2015, the survey examines the perceived impact and likelihood of 29 prevalent global risks, categorised as economic, environmental, geopolitical, societal or technological, over the coming ten years.
The top five “most impactful” risks were the failure of climate change mitigation and adaptation, followed by weapons of mass destruction, water crises, large-scale involuntary migration and severe energy price shock. The survey also examines risk in terms of likelihood where the top five risks were large-scale involuntary migration, extreme weather events, failure of climate change mitigation and adaptation, interstate conflict and major natural catastrophes.
The rise of the digital revolution
Coming soon after the COP 21 talks in Paris late last year, the fact climate change is now seen as the biggest risk in terms of impact has attracted much attention but, as crucial and pervasive as the issue is, it should not eclipse other risks beyond the environmental sphere and, of these, cyber-attack is perhaps one the most notable.
As highly automated and computerised businesses, as well as enthusiastic adopters of social media as a marketing tool, major food companies are undoubtedly heavily exposed. Unilever, Nestle and PepsiCo are among the many major food companies now using Twitter, Facebook and other social media extensively to support consumer communication. In addition to brand promotion activity, food companies are increasingly using social media to underpin messages around sustainability and health and wellness.
Fraud, theft, vandalism, industrial espionage and sabotage are risks businesses have always carried but the digital revolution has greatly increased the power of a small number of individuals or even one person to cause companies great harm. Moreover, data theft of consumers’ personal information threatens to undermine the greater rapport and trust brands are seeking to establish with their consumers through social media.
Are executives under-estimating the risk?
Even though it ranked just outside the top ten overall in terms of both impact and likelihood, its relatively high rating on both puts cyber attack in the top right hand quadrant of the report’s Global Risk Landscape, a matrix plotting likelihood against impact.
However, analysis of the Executive Opinion Survey (EOS), a separate survey of what business executives view as major risks to doing business, shows a greater emphasis on the risks of cyber attack while also revealing some sharp regional divergence.
Speaking at the press conference to launch the report, John Drzik, president, global risk and specialties at insurance and risk management firm Marsh & McLennan, which contributed to the report, suggested cyber attack was probably under-estimated in the overall risk rankings.
Drzik pointed to the “significant disparity” in how cyber attack risk was rated, both in the Global Risk Perception Survey, where it was number one in the US but not even in the top ten in many other regions, and in the EOS. The EOS shows cyber attack is perceived as the risk of highest concern in eight economies, namely Estonia, Germany, Japan, Malaysia, the Netherlands, Singapore, Switzerland, and the US, but in many others it does not feature at all.
“With respect to this striking difference, I think the risk has been underestimated where it is low on the list,” Drzik said, characterising the battle between the hackers and internet security efforts as an arms race. “This is a boundary-less risk; it’s not going away. Today 90% of the cyber insurance is bought in the US but 90% of the risk is clearly not in the US. It’s clearly a much broader issue than that. So I think this risk needs more attention in many markets and I think this is going to be with us for many years.”
Could public-private partnership help?
Drzik said addressing cyber crime was a good example of where the public and private sector could collaborate in tackling risk. “Security against the hacker community is a common interest for business and government,” he said. He noted that some collaboration was already happening and this could be expanded.
However, the report warns of challenges inhibiting such partnership in tackling cybercrime. “Public-private partnership can be held back by lack of trust and misaligned incentives,” it states. “Businesses may fear exposing their data and practices to competitors or to law enforcement agencies. And the private sector’s primary interest in rapid recovery and continuity of business operations may not align with the public sector’s primary interest in apprehending and prosecuting perpetrators.”
Cyber attack and data theft are both classified as technological risks, as distinct from environmental, societal, economic or geopolitical, in the WEF methodology. Some classification of different types of risk is helpful but an overarching theme emerging from the report is global risks are becoming increasingly interconnected.
“Risks are increasingly interconnected and they’re increasingly imminent,” Espen Barth Eide, head of geopolitical affairs at WEF, told the press conference. “So the risk perspective is ten years but risks that we’ve been seeing emerging are now perceived to be more here, more imminent, more real time, more tangible in this moment.”
That could be said of the top-rated risk in terms of likelihood, that of large-scale involuntary migration. Margareta Drzeniek, head of global competitiveness and risks at WEF, said this year had seen involuntary migration “shoot up” to become the most likely risk, reflecting the huge concern over Europe’s refugee crisis. It had also shown the largest change in risk rating of any factor examined by the report, Drzeniek added.
The Fourth Industrial Revolution
Respondents to the survey were additionally asked which risks were inter-related and could give rise to “cascading risks”. Three emerged strongly: the potential for climate change to exacerbate water crises; the global refugee crisis; and the risks of failing to fully understand the risks around the Fourth Industrial Revolution, a collective term defining a combination of trends in automation, data exchange and manufacturing technology, and how the transition will have an impact on countries, economies and people at a time of persistently sluggish growth.
The potential for climate change to trigger political instability and conflict in the future is clear, and by the same token political instability threatens to undermine global responses to climate change. Cecilia Reyes, chief risk officer at Zurich Insurance Group, which also contributed to the report, defined this as a “negative feedback loop”.
According to Reyes, while geopolitical instability carries its own inherent risks – exposing businesses to cancelled projects, revoked licences, interrupted production, damaged assets and restricted movement of funds across borders – it also makes the challenge of climate change “all the more insurmountable, reducing the potential for political co-operation, as well as diverting resource, innovation and time away from climate change resilience and prevention”.
At the same time, climate change itself “is exacerbating more risks than ever before in terms of water crises, food shortages, constrained economic growth, weaker societal cohesion and increased security risks”.
It is perhaps no surprise that, in the increasingly interconnected world which the Fourth Industrial Revolution is creating, it will be the capability of risks to cause or exacerbate others that will be an abiding feature of the global risk landscape.
The WEF report argued the “most impactful” risk was climate change. Click here for our look at the report’s findings and why climate change is expected to exacerbate other risks to business.
To read the findings at a glance, click here.