Is cybercrime the biggest risk of doing business?
Each year the World Economic Forum produces a Global Risks Report, which examines some of the major risks facing the world in the year ahead. After failing to predict a global pandemic at the start of the year, they’ve gone back to the drawing board with an updated report that looks at the risks in each region of the world.
While the risks presented by unemployment, the spread of infectious diseases, and fiscal crises are quite evident to us all, and unsurprisingly taking the top three spots in the global risk register, the 4th most harmful risk facing the world is that from cyberattacks. Indeed, in Europe, the WEF found that cyber-attacks were the 2nd biggest risk facing businesses across the continent.
Across Europe, the threat posed by data fraud, the misuse of technology, and the breakdown of critical information infrastructure was extremely high, with the risk of cyber attack greatest in Singapore, the Netherlands, Israel, and Japan.
"Just as economic and climate concerns will require firms to refocus business plans, a greater reliance on digital infrastructures will mean a marked increase in cyber risk exposures."says John Doyle, President and CEO of Marsh
This apparent vulnerability to cybercrime was reflected in new data from PwC, which reveals that 21% of UK workers have felt more vulnerable to cybercrime during the COVID pandemic. Stress was a major cause of this apparent vulnerability, with the remote working that has been foisted upon the workforce being another contributing factor.
PwC explains that this heightened vulnerability is largely due to the opportunistic nature of cybercrime and cybercriminals. As such, they’re exploiting the fear, uncertainty, and stress that surrounds COVID to target their victims and play on their emotions. They suggest that as the pandemic unfolds and discussions move onto topics such as cures and vaccines, these are likely to become conduits through which the criminals will operate.
“It is therefore understandable that people are feeling vulnerable to cybercrime, and according to our survey, 19% of people working from home during the pandemic do not feel that they have the necessary skills and training to keep safe from a cyberattack,” they explain. “However, people should not feel helpless, there are simple steps they can take to protect themselves, and just gaining an awareness of how criminals might seek to target them is a good start.”
It’s a dire situation echoed in a second report, from data provider Vacancysoft, which highlights that 70% of companies don't feel they have sufficient skills to provide a robust defense against the 65,000 attempted cyberattacks that, as the authors state, are made against small businesses in the UK every day.
The report highlights the tremendous skills gap in the sector.
58% of IT hiring managers are citing cybersecurity as the key skill they're looking for, but just 10% of tech professionals have the requisite skills to fill such roles.
That's helping to create a situation whereby some 70% of companies across Europe lack the skills required, with the report suggesting a skills shortage of some 140,000 people exists across the continent.
“Given the cost – both financially and reputationally to businesses – it is surprising to hear that cybersecurity only accounts for 5.6% of total IT spend in a company,” the authors say.
Despite the number of cybersecurity professionals working in the UK growing by 37% over the past two years, there have been hiring freezes during the lockdown, which has meant organizations have remained vulnerable.
New forms of attack
PwC reveals that organizations have seen a significant rise in criminal activity since the outbreak of COVID in March, with employees particularly noticing rises in somewhat speculative forms of cyberattack, such as malicious adverts and suspicious emails. Employees also reported feeling significantly more vulnerable when they were sharing personal details, even when doing so as part of official government contact tracing systems. It’s a situation that the authors believe demands that employers up their game and invest more in training staff about good digital hygiene.
“Employers also have a responsibility to equip their staff with the knowledge and skills they need during this difficult time,” they say. “With many people not being physically located with their teams, while working from home, it is especially important for IT and cybersecurity teams to make security easy for staff, embed it in the ways they work, and provide them with as much support as they can.”
With the threat posed by cybercrime clearly highlighted by the WEF, we can but hope that these organizational shortcomings are properly addressed so that the threats they outline do not materialize. We can't say we haven't been warned.