Leaders are increasingly concerned about a broad range of interconnected risks.
According to the World Economic Forum’s Global Risk Report 2024, the vast majority of executives, leaders, and global experts expect some instability and risk within the next two years. Even more see global catastrophic risks looming by the mid 2030s.
Only the slimmest minority — 1% of survey respondents — see a negligible risk of global catastrophe in the same time frame. These risks span multiple categories, from economic and geopolitical risks to environmental, societal, and technological risks.
This is already having a powerful impact on the way business leaders address risk management. Government leaders, enterprise decision-makers, and small business owners are being forced to respond to a complex and rapidly changing risk landscape.
However, these changes don’t always announce themselves clearly and unambiguously. It’s common for today’s leaders to find themselves responding to situations they don’t fully understand because the information they need isn’t readily available.
The WEF report asked respondents to rank global risks by severity in a two-year time frame. The first five are:
Misinformation is the leading risk factor in peoples’ minds today, and it feeds into each of the other categories. Misinformed people are poorly equipped to address the issues that threaten to impact their daily lives, including extreme weather events, cybersecurity incidents, and armed conflict.
These risks are not isolated from one another. As a threat intelligence leader that helps organizations identify and address cybersecurity risks, PRODAFT predicts that the consequences of each risk category will augment and strengthen the others.
Leaders will have to navigate an increasingly complex risk landscape that includes misinformation campaigns, extreme weather events, highly politicized media, cybersecurity threats, and geopolitical tensions. Each of these risks contributes to additional second-order and third-order risks down the line.
While cyber insecurity is not the top concern many leaders have today, it is a risk that connects multiple levels of society at a global scale. Not only does it indicate that organizations are unable to protect valuable assets from cybercriminals, but it also suggests institutions are failing to protect the sensitive data that’s been entrusted to them.
Many organizations are genuinely underprepared to address even basic threats. The global lack of talent, lack of resources, and lack of security awareness culture mean that many organizations never go beyond generic security measures like installing anti-virus solutions and firewalls.
Cybersecurity policy failures are deeply connected to many other risks, including:
Let’s take a closer look at how security preparedness impacts the threat impact of these risks individually.
Cybersecurity has an important role to play in ensuring emerging technologies have a positive role in people’s lives as they become increasingly commonplace. Attackers are already using prompt injection methods to make large language models like ChatGPT and Bard work in unintended ways. These attacks can cause the AI system to output sensitive information without the developers’ knowledge.
Prompt injection attacks have resulted in AI systems outputting sensitive API keys, user data, and more. However, this is a small-scale risk compared to the potential consequences of unsecured architecture becoming commonplace in AI-powered systems.
If AI-driven systems start routinely managing large amounts of sensitive data — like government IDs or payroll and salary data — people may become victims of data breaches on a scale never seen before. The erosion of public trust will cause societal polarization to get worse and reduce economic opportunities for people around the world.
The technology industry has already consolidated around a small number of enormous multinational corporations. The seven largest publicly listed technology companies are worth $12 trillion as of early 2024. Unsurprisingly, these organizations are also the ones investing in emerging technologies like artificial intelligence.
At the same time, although all these organizations are multinational in scope, they are primarily American organizations working in the United States. The concentration of power follows the concentration of economic and financial resources, which can strain the capabilities of low and middle-income countries across the world, as well as their respective domestic technology leaders.
This comes with serious cybersecurity implications. The risks associated with nation-state cybercrime and illicit economic activity will rise and may challenge the security capabilities of even the largest and most well-funded organizations. They will almost certainly be able to compromise smaller-scale organizations.
Censorship and surveillance are closely related to adverse outcomes for artificial intelligence because many use cases for AI enable new surveillance capabilities. For the few decades of its existence, the Internet has empowered people to have a voice regardless of their social class or other privileges. This may change if emerging technology is placed in the hands of powerful organizations that wish to maintain the status quo.
This risk could manifest in several ways, including the export of authoritarian digital norms across many different countries. Citizens would be vulnerable to political repression and misinformation, especially in places where upcoming elections may be contested on the grounds of foreign influence.
This risk is deeply connected with the risks associated with misinformation and disinformation, especially when political authorities are responsible for implementing censorship policies. As more disinformation enters public discourse, the potential for unrest and insecurity rises.
Increasingly sophisticated cyberattacks have already contributed to critical infrastructure failures in many parts of the world. From the Colonial Pipeline attack in 2021 to more recent attacks against Ukraine’s power infrastructure, leaders everywhere feel an acute need to improve cybersecurity policies and guarantee their systems work reliably.
If critical infrastructure disruptions become more frequent, people will have a much harder time gaining access to much-needed infrastructure and services. This can lead to economic downturns, interstate armed conflict, and involuntary migration — all of which make society more polarized, paving the way for misinformation and censorship to become increasingly palatable.
When combined with highly advanced emerging technologies, technological power monopolies, censorship, and critical infrastructure disruptions, cyber insecurity paves the way towards illicit economic activity. This is already happening with the well-established misuse of blockchain-powered cryptocurrency to fuel ransomware attacks.
As new technologies get released to the public, these pressures will create ideal conditions for more organized illegal activity to take place. As organized crime becomes more powerful, it will draw resources and influence away from legitimate institutions — the same institutions already losing public trust due to the effects of misinformation and societal polarization.
Security leaders need to pay close attention to global risks that extend outwards from cybersecurity. Leaders who understand how security threats translate into bigger, more fundamental challenges on a global scale are better equipped to manage risk effectively. Part two of this series will demonstrate some of the things security leaders can do to improve their risk management efforts in a global context.