The most pressing viral threat
Global risksArticleOctober 13, 2020
Covid-19 and its economic repercussions are ranked the leading global risks to doing business. But Lori Bailey, Global Head of Cyber Risk of Zurich Insurance Group, looks at why in some parts of the world a different viral threat takes precedence.
Following the global health and economic crises unleashed by Covid-19, it’s understandable that infectious diseases and unemployment take the top two places in the World Economic Forum’s 2020 Regional Risks for Doing Business survey.
But what did come as a surprise, was that cyberattacks were overwhelmingly perceived to be the number one risk to doing business in North America.
Despite the devastating impact of Covid-19 across the U.S. and record levels of unemployment, it’s a possible cyberattack that keeps North American business leaders awake at night.
In fact, 54% of respondents in North America regard cyberattacks as a leading threat, far higher than any other region. Meanwhile the ‘spread of infectious diseases’ ranked second scoring almost 23 points lower at 31.1%, and unemployment, the top global risk, ranked seventh at 18.9%.
So why are North American business leaders most concerned about cyberattacks, and does the rest of the world need to follow their lead and refocus their attention to cybersecurity?
A different viral concern
This year, awareness and the actual risks and associated costs of a cyberattack for businesses in the region have risen to new levels.
In January, the California Consumer Privacy Act (CCPA) came into effect. This landmark law secures new privacy rights for California consumers. But arguably the greatest risk to businesses involves data security, as the CCPA creates a private right of action with substantial statutory penalties for breaches involving California consumers’ personal information.
News about the CCPA, combined with headlines about recent ransomware attacks and data breach settlements, will certainly move cyberattacks up the corporate agenda in North America.
There’s also a growing realization that greater public awareness of cybersecurity and privacy rights means that damage from a data breach is not just financial, but reputational too. A factor that is more difficult to measure but can be more catastrophic and long-lasting than simply paying a settlement.
But North America is not alone. As you delve deeper into the WEF’s data, you’ll find many countries rank cyberattacks as the top risk for doing business – and some are more concerned than the U.S.
Unsurprisingly, many European countries fall into this category. A growing number of fines have been issued by the EU’s General Data Protection Regulation (GDPR), which came into effect in May 2018 and provides similar privacy rights as the CCPA.
The GDPR’s maximum penalty is €20 million or 4% of global turnover - whichever is greater. To date, the ICO has handed out over €300M in fines and it remains to be seen how many more will be levied in the months and years ahead. Similar regulations are being proposed in other countries prompting heightened regulatory awareness in many territories.
The Covid effect
Covid-19 also has a big influence on the perceived threat of cyberattacks around the globe. On one hand, the pandemic and its immediate economic repercussions have diverted business attention to these new risks.
But on the other hand, Covid-19 is having a direct adverse impact on cybersecurity. The pandemic has accelerated the already rapidly evolving speed of digital transformation and advancements in technology with many people working remotely and accessing corporate networks from their homes. It also has taken its toll on cybersecurity budgets which are under increasing financial strain.
This heightens the risk of a cyberattack as cyber criminals look to exploit the challenges of remote working, greater reliance on cloud-based technologies and disrupted supply chains. In the first few weeks of the pandemic alone, the number of Covid-19 related registered domains jumped by almost 400% - many created for malicious purposes.1
With these risks, it’s no wonder cyberattacks are considered the number one concern to business across so many countries.
But learnings from Covid-19 can also help us tackle cyberattacks. As the world was brought to a standstill by a physical virus, so too can happen with a malware contagion, which can spread quickly and without geographic boundaries.
As such, basic precautionary measures are necessary to mitigate future risk. Just as handwashing, face masks and social distancing have become commonplace, activities such as security monitoring, mobile device management and utilization of virtual private networks (VPNs) are a few key cyber recommendations that should also become customary to thwart potential attacks.
Equally important is user awareness training, which educates corporate employees on the latest social engineering and phishing tactics – often the leading cause of many cyberattacks. As with an illness, such precautionary measures may not completely prevent an attack, but can certainly mitigate any potential damages and future harm.
As the world emerges from Covid-19, these inherent cyber risks will not go away. Expect to see cyberattacks move back up the WEF’s ranking once the pandemic has passed and economies recover.
It also means that basic cybersecurity measures must continue to be top of mind for companies around the globe to defend against these evolving threats. In the end, it is digital resilience that affords the ultimate solution to the growing cyber virus pandemic.
1 Capitalizing on Coronavirus Panic, Threat Actors Target Victims Worldwide, Insikt Group, March 2020