Cyber attacks ranked as top risk in Europe, North America, East Asia and the Pacific

Get a copy of the upcoming book "Secure Operations Technology"

There are significant differences in risk perceptions across the eight regions covered in the World Economic Forum’s Regional Risks for Doing Business report. Over 12,000 executives highlighted concerns ranging from economic to political, societal and technological. Unemployment, failure of national governance and energy price shocks were among the top worries of executives across various regions.

Cyber attacks are the number one risk in Europe, East Asia and the Pacific and North America. This points to growing concerns about technological risks – cyber attacks were the top risk in two regions, according to the 2017 survey (East Asia and the Pacific and North America), and only one region in 2016 (North America).

Failure of national governance ranked number one in Latin America and South Asia, highlighting the costs of political strains that have been evident in much of the world in recent years. In the energy-rich regions of Eurasia and Middle East and North Africa, energy price shocks were ranked as the top risk to doing business. Unemployment was perceived as the top risk for doing business in sub-Saharan Africa, representing mostly the absence of demand in the region.

“Given the current geopolitical uncertainty globally, cooperation within and among regions is of critical importance. Understanding the evolving risks in different regions is therefore top of mind for business leaders,” said Mirek Dusek, Deputy Head of Geopolitical and Regional Agendas and Member of the Executive Committee at the World Economic Forum.

“By drilling down to regional and country-level data, this new Regional Risks for Doing Business report allows us to gauge how risk sentiment is evolving around the world. Cyber attacks are increasing in prominence, but it is striking how many business leaders point to unemployment and national governance as the most pressing risks for doing business in their countries,” said Aengus Collins, Head of Global Risks and the Geopolitical Agenda at the World Economic Forum.

Cyber attacks are seen as the number one risk for doing business in markets that account for 50% of global GDP. This strongly suggests that governments and businesses need to strengthen cyber security and resilience in order to maintain confidence in a highly connected digital economy,” said Lori Bailey, Global Head of Cyber Risk, Zurich Insurance Group, and Member of the Forum’s Global Future Council on Cybersecurity.

“While large cyber attacks are the number one concern of executives in advanced economies there is growing apprehension about the potential for national governance failures in emerging markets,” said John Drzik, President of Global Risk and Digital at Marsh. “Across the globe, businesses are also concerned with rising geopolitical friction that has already resulted in rising tariffs and sanctions and which could further fuel the growing threat of expropriation or political violence.”

Top five risks of doing business by region:

cyber attacks top risk

“Businesses are right to be concerned by the prospect of cyber-attacks threatening them over the next ten years. Despite $114bn being invested in cybersecurity in 2018, businesses are still getting owned with alarming regularity. When looking at the causes of breaches, it’s evident that email attachments, links and downloads are the most common methods used by hackers. Be it HR professionals opening infected CVs from unknown sources, or employees clicking links on malware-riddled social media sites on their lunch break, users provide hackers with an easy route to bypass security,” Fraser Kyne, EMEA CTO at Bromium told Help Net Security.

“These simple attack methods are still effective because the architecture cybersecurity is built on is fundamentally flawed, as it overwhelmingly relies on detecting these threats. We’re increasingly seeing zero-day and other polymorphic malware being used to evade detection. Even the more sophisticated detection-based tools that utilise machine learning, AI and behavioural analytics to identify anomalies and patterns can potentially struggle to determine what is good and what is bad – and are certainly never able to be 100% accurate. Malware writers will also innovate using similar tools to make their attacks more effective.

“If businesses are to truly mitigate the risk of cyber-attacks over the next decade, they need to drastically diversify their defences. A new approach is needed to mitigate the risk of cyber-attacks, one that provides effective isolation of threats, not just identification of threats. By adopting layered cybersecurity defences that utilise application isolation, organisations can ensure they are better prepared to cope with the threats they will face over the coming years,” Kyne concluded.