If cybercrime were a state, it would be the third largest global economy after US and China, with an estimated revenue of $10.5tn, up from $3tn in 2015. It is with this chilling statement, borrowed from a 2020 report by US-based firm Cybersecurity Ventures, that Albania’s Prime Minister Edi Rama started his intervention during the 2023 World Economic Forum (WEF), in Davos, Switzerland, on January 18, 2023.
Prime Minister Rama, whose country’s public sector suffered a cyber-attack attributed to Iran in the summer of 2022, spoke alongside a panel of speakers for the launch of WEF’s report, the Global Cybersecurity Outlook 2023.
The report shows that 86% of business leaders believe that global geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next two years. Additionally, 93% of cyber leaders have the same opinion, claims the report.
“This far exceeds what we’ve seen in previous surveys,” Jeremy Jurgens, WEF’s managing director, commented during a press conference.
This fear has been fuelled by the conflict between Russia and Ukraine, which has brought a number of cyber-attacks not only in the two countries but also to other European countries, Jurgens said.
“Cyber-attacks can spread unpredictably, [as] we saw in the VA-SAT attack, which was initially intended to shut down communication services for the Ukrainian military but closed off part of electricity production across Europe,” he added.
Further, the WEF report also found that 43% of business leaders believe cyber-attacks will have a material impact on their organizations. Still, only 27% of them think they have achieved cyber-resilience.
Skills Gap in the Spotlight
In the meantime, the report shows that the cyber skill shortage is dire, with 34% of respondents saying they have skill gaps in their teams and 14% saying they lack specific critical skills to protect their organizations.
“When we focus on those numbers, we see that the gap between cyber-resilient companies and the likelihood of a material, catastrophic event is significant,” Julie Sweet, CEO of Accenture, warned during the press conference.
To start bridging this gap, Sweet gave three actionable steps:
- Secure the core, with consistent built-in security in the technologies organizations use.
- Address the talent challenge by deploying automated technology and implementing more and better training.
- Shift the mindset and culture at the C-Suite by involving cyber leaders in the regular business reviews.
This latter actionable step seems to be gaining ground, “with 56% of security leaders now meeting monthly or more regularly with the board,” Jurgens noted.
Another positive takeaway from the WEF report lies in cybersecurity investment: “Business leaders increasingly see cybersecurity as part of their strategic investment plan, with 49% of them saying that cybersecurity helps them evaluate the countries with which they decide to invest in,” Jurgens added.
During the press conference, Albania’s Prime Minister added another cyber-resilience challenge on a broader scale: countries need larger coalitions to defend themselves.
“Traditional crime in Europe has created a much more functioning EU than the European states have, because [their actors] are hugely interconnected, don’t have to sit through never-ending meetings, and don’t have to deal with vetoes, while the EU states are always struggling to find consensus on their strategy,” he said.
While such a cyber-coalition doesn’t currently exist, Juergen Stock, secretary-general of the International Criminal Police Organization (INTERPOL), insisted that his organization brings 195 countries together and that broad collaboration efforts are run on specific law enforcement operations – and are successful.
“A case in point was the coordinated operation in 14 countries across four continents against the West African organized crime group Black Axe, that resulted in 75 arrests, a further 70 suspects identified and more than €1m intercepted in bank accounts,” Stock recalled.
The WEF’s Global Cybersecurity Outlook 2023 report was compiled in partnership with Accenture and includes input from interviews for over 300 executives globally.