Enterprise cybersecurity technology research that connects the dots.

Critical national infrastructure, widespread cybercrime, and cyber insecurity are major risks in the report

Maxine Holt, Research Director, Omdia

January 13, 2023

3 Min Read
transmission tower
Source: analogicus via Pixabay

A lot has happened in the 12 months since the World Economic Forum's (WEF) previous "Global Risks Report." Russia invaded Ukraine. The consequential impact on the supply of food and energy has led to a cost-of-living crisis being experienced by many. Extreme weather events have become a reality for more and more people. This rapid change is the backdrop to the report.

The 2023 report highlights that there is no single dominating crisis that the world is facing and there are, and will continue to be, constant crises that organizations, governments, and countries must navigate. Attacks on critical national infrastructure (CNI), widespread cybercrime, and cyber insecurity are highlighted as major risks throughout the next 10 years in the WEF's "Global Risks Report 2023," published on Jan. 11.

In terms of current crises identified in the WEF report — those emerging or present today — cyberattacks on critical infrastructure is the only technological risk appearing on the chart. CNI attacks are much sought after by malicious threats, as they can result in high-profile trust failures, potential pay dirt for ransomware, and could even lead to civil unrest.

The report comments: "Alongside a rise in cybercrime, attempts to disrupt critical technology-enabled resources and services will become more common, with attacks anticipated against agriculture and water, financial systems, public security, transport, energy and domestic, space-based and undersea communication infrastructure."

Examples of such attacks today include the UK's Royal Mail, currently dealing with a "cyber incident" that has resulted in the organization asking people to stop sending mail and parcels abroad. The outage of the NOTAM (Notice to Air Missions) system that grounded flights in the US on Jan. 11 is being investigated as a potential "nefarious cyber incident," although this is just one aspect of an investigation into the outage ordered by President Biden. Attacks on healthcare institutions, water supplies, fuel pipelines, and more all serve to remind what the "C" in CNI is there for — if something is defined as critical, it needs strong cybersecurity protection and resilience to keep people and societies safe and operational, as it will always be a target for cyberattack.

Risks Ranked

There is much to read in the 98-page WEF report. Although there are seven risks appearing in both the two- and 10-year outlooks ahead of widespread cybercrime and cyber insecurity, this is the leading technological risk, at No. 8 in both these outlooks.

There is actually little reference to cybercrime specifically in the report beyond the definition of "widespread cybercrime and cyber insecurity," which is described as "Increasingly sophisticated cyberespionage or cybercrimes. Includes, but is not limited to: loss of privacy, data fraud or theft, and cyber espionage."

Cybercrime is an everyday reality today. As just one example, ransomware continues to be a scourge on society and organizations, but the potential opportunities and yields are so great that it is here to stay. Phishing, crashing websites, and identity theft are just some further examples of cybercrime that are set to continue. Omdia's security breaches tracker has consistently shown that data exposure is the leading outcome of security breaches, accounting for around two-thirds of breaches in the first half of 2022.

This approximate two-thirds number has been consistent since 2019. The tracker also analyses the share of breaches by industry or vertical and healthcare was the biggest sector to be affected by security breaches in the first half of 2022, followed by the government sector. The healthcare and governmental sectors have interchanged "top spot" over the same three-year period as for data exposure. It's fair to say that data is poorly protected today and that government and healthcare are huge targets for data because of the sort of information they hold.

Cyber insecurity is useful terminology when we know that many organizations do not have adequate cybersecurity capabilities. Omdia's "IT Enterprise Insights 2022-23" found that 27% of organizations describe themselves as "well advanced" in managing security, identity, and privacy, and a further 34% as "advanced," this does leave 39% of organizations with a substantially inadequate approach.

About the Author(s)

Maxine Holt

Research Director, Omdia

Maxine leads Omdia's cybersecurity research, developing a comprehensive research program to support vendor, service provider, and enterprise clients. Having worked with enterprises across multiple industries in the world of information security, Maxine has a strong understanding of the Office of the CISO, the security challenges CISOs face, and how organizations can look to overcome these challenges.
Before rejoining Omdia (as Ovum) in 2018, Maxine spent over two years at the Information Security Forum (ISF) developing research in areas including Protecting the Crown Jewels and Securing Collaboration Platforms. Prior to the ISF, Maxine spent 15 years at Ovum covering topics including security, human capital management, and identity and access management. Maxine has a particular interest in how all the component parts of security combine to make up an organization's security posture. She focuses specifically on the Office of the CISO.
Maxine started her career as a software developer in the financial services industry. She gradually progressed into a systems analyst role and then moved into consulting for the financial services and Internet sectors. Maxine is a regular speaker at events and writes a monthly Computer Weekly article covering various aspects of information security.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights