Tuesday, January 28, 2014

2014 World Economic Forum Risk Report - High and Low Lights...

Each year I look forward to reading the annual World Economic Forum (WEF) Risk Report.  The WEF has been publishing these very compelling reports for the past 9 years.  The 2014 Risk Report was published on December 31, 203 and can be found at this LINK.

This year's report maps 31 global risks according to the level of concern, likelihood and impact, and interconnections among them.  Of these risks they identify the Top 10 Risks of Highest Concern and they have also included a fascinating discussion on what they call "Digital Disintegration" which examines cyberspace and its future for the globe.

The graphic below shows the 31 global risks and their categories including how the Top 10 Risks are detailed.

Infrastructure Risks

Of course as I look at the 31 risks, I am very interested in the "critical infrastructure-centric" issues that the WEF survey participants highlighted.  My own personal "Top 10" list includes the following from the list of 31:

  • Economic: Failure/shortfall of critical infrastructure
  • Environmental:  Greater incidence of extreme weather events
  • Environmental:  Greater incidence of natural catastrophes
  • Environmental:  Greater incidence of  man-made environmental catastrophes
  • Environmental:  Water Crises
  • Geopolitical:  Large-scale terrorist attack
  • Societal:  Mismanaged urbanization (inadequate infrastructure and supply chains)
  • Technological:  Breakdown of critical information infrastructure and networks
  • Technological:  Escalation of large-scale cyber attacks
  • Technological:  Massive incident of data fraud/theft
Risks in Terms of Likelihood and Impact

On page 17 of this 60-page report there are two tables showing the evolving global risk landscape from 2007 to 2014 based on the World Economic Forum Global Risk Reports.  The referenced table shows a fascinating movement of risk likelihood and impact moving from economic/technological issues to more geopolitical and environmental issues.  Comparisons are shown in the graphic below:

I've starred the two of concern for both likelihood and impact -- that is in the area of cyber -- both attacks and information infrastructure breakdown.  So, in spite of the list of 31 and the top 10 risks shown above, please consider that our digital arena is at risk among the top 5 of 31 risks.

Report Section 2.4: Digital Disintegration

A quote from the report:

While cyberspace has proved largely resilient to attacks and other disruptions so far, its underlying dynamic has always been such that attackers have an easier time than defenders.  There are reasons to believe that resilience is gradually being undermined, allowing this dynamic of vulnerability to become more impactful."

Unfortunately, this quote is consistent with my past writings on "Assumption of Breach" and that the attackers have it easier than the defenders -- just remember my kitchen sieve model where the CISO needs to cover every hole with one hand yet the attackers only need one opening...ugh!

So, as noted in the WEF report cyber risks can be summarized through the acronym CHEW -- crime, hactivists, espionage and war.  However, the WEF report also notes that a large cloud provider could suffer an "...Enron- or Lehman-style failure virtually overnight."  

The report continues to note that environmental triggers could easily play a role in disintegrating our digital backbone through such events as an earthquake devastating Silicon Valley (e.g., San Andreas fault) or a solar super storm could cause major outages of national electric grids, satellites, avionics or signals from global navigation satellite systems.

Hence, our ever expanding reliance on the digital highways and systems may increase the risks to our global economy.

Finally, the WEF report goes on to note:

Increasingly, there is recognition that the growing role of cyberspace is not only a technical and geopolitical concern but also presents serious risks to economic well-being.  While failure of critical online infrastructure represents a systemic risk that could impact global growth, so does a large-scale loss of trust in the Internet.  ... Effective methods for measuring and pricing cyber risks may even lead to new market-based risk management structures, which would help in understanding the systemic interdependencies...that now depend on cyberspace.


As usual, the 60-page report from the World Economic Forum is full of interesting perspectives on the economic, environmental, geopolitical, societal, and technological arenas surrounding global commerce and society.  I would highly suggest you take a minute to download the report and at least page through the many points of discussion in the report and gain a perspective a bit different from your normal cable news channel.  Of course I focused on the infrastructure and cyber issues in this blog; however, I also believe you will gain some very interesting perspectives on the challenges facing our children and the "teetering" issues in our increasingly multipolar world.