Tag Archives: world economic forum

Global Risks in 2018: What Lies Ahead?

What are the biggest risks that individuals, businesses and governments face in the year ahead, and beyond? According to the 2018 Global Risks Report, published by the World Economic Forum, the environment, cyber security and geopolitics are the areas drawing the most concern.

The World Economic Forum — which just held its annual meeting in Davos, Switzerland — develops the Global Risks Report in collaboration with Wharton’s Risk Management and Decision Processes Center.

“The big message that came out of this report is the tremendous importance of the environment” as an area to watch, said Howard Kunreuther, Wharton professor of operations, information and decisions, and co-director of the Risk Management and Decision Processes Center. “It’s not that that wasn’t [a concern] earlier, but it certainly didn’t have as high a profile.”

The other big takeaway from this year’s report is how various types of risks are interdependent, which has implications for preparation and mitigation, Kunreuther said. “You begin to see clear arrows that go from climate change to food security, to natural disasters, to droughts and to a set of things that can happen.”

To be sure, cyber security, data fraud and theft don’t necessarily link immediately to something like natural disasters. But if one of those events leads to some larger, overall instability, the outcomes could be worse than expected. “[Risk interdepenency] is a critical aspect that risk managers need to think about on a global scale. One thing can lead to other things and have a cascading effect,” said Jeffrey Czajkowski, managing director of the Risk Management and Decision Processes Center. “It’s critical for people to get their heads around it and start to think about how to better manage these risks.”

See also: Global Trend Map No. 7: Internet of Things  

The report looks at 30 different risks among five major categories – economic, environmental, geopolitical, social and technological. It draws on surveys of risk experts across the globe.

‘Pushing Our Planet to the Brink’

Heading the list of the risks in 2018 are environmental, cyber security and geopolitical risks. “We have been pushing our planet to the brink, and the damage is becoming increasingly clear,” the report states. “Biodiversity is being lost at mass-extinction rates, agricultural systems are under strain and pollution of the air and sea has become an increasingly pressing threat to human health.”

On cyber security, the report says, “Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace.” On the geopolitical front, “rules-based approaches have been fraying,” the report says. “Re-establishing the state as the primary locus of power and legitimacy has become an increasingly attractive strategy for many countries, but one that leaves many smaller states squeezed as the geopolitical sands shift.”

This year’s report introduces three new sections — Future Shocks, Hindsight and Risk Reassessment — in an attempt to provide “a new lens through which to view the increasingly complex world of global risks.” The Hindsight section, for example, revisits past reports “to gauge risk-mitigation efforts and highlight lingering risks that might warrant increased attention.” The 2017 Global Risks Report listed “economic inequality, societal polarization and intensifying environmental dangers” as the top three trends that will shape global developments over the next decade.

Among the greatest risks that the report focuses on are geopolitical ones such as tensions between North Korea and South Korea, Kunreuther said. The World Economic Forum brings world leaders to the table where such issues could be discussed, he added. “We want to take down a lot of the blinders here and make sure the agendas are such that we can think out of the box.”

Cjazkowski pointed out that this year’s report also highlights the need to invest in resiliency. “There’s a big push to make communities, nations and individuals more resilient to a lot of these different risks. But the big question is: How do you pay for that? Where are you going to get the financing to [promote] resiliency?” The report is taking a first step in trying to understand those issues, he said.

‘It Won’t Happen to Me’

Bias plays a big role in how potential risks are evaluated, and the report focuses on that aspect, as well. ”You need to take a long-term view of a lot of these risks and how you’re going to deal with them,” Czajkowski said. “Oftentimes, people, organizations or governments have problems thinking with a long-term view because of short-term incentives or the short-term decisions they’re dealing with.”

“It tends [to be the case] that only after an event happens do people pay attention,” Kunreuther said, adding that the report identifies this problem as “availability bias.” “[The report] is suggesting that organizations and individuals pay better attention beforehand. We can’t think of a more important message to highlight.”

For example, he says, people may hear that there is a one in 100 chance that a major hurricane may strike their area in a given year. That may seem like a low probability to many. But, “if you’re living in the same house for 25 years, there’s a greater than one in five chance of having something like this happen.”

Kunreuther explained how such messaging could lead to some planning. “Can you take steps when you don’t think [a disaster] is going to happen?” he asked. “The issue of black swans gets brought up all the time – ‘It’s such a low probability event that we’re not going to think about it.’”

See also: Global Trend Map No. 1: Industry Challenges  

Cjazkowski offered an example of how such biases play out. The Risk Center typically classifies natural disasters as “low-probability, high-impact events” for an individual or a community. But on a global scale, such incidents become a high probability, he noted. “It is going to happen — but where that’s going to be is a different question. That is where this cognitive bias comes into play.”

Kunreuther highlighted the critical role of local officials in taking the longer-term view. “The Global Risks Report is really trying to overcome the ‘NIMTOF’ acronym – “Not in my term of office,” he said. “[We need] to get people to think there’s a longer term than just getting reelected, and that they have to think about putting money into [areas like] infrastructure.”

You can find the article originally published here.

The Cyber Threat in Manufacturing

A friend of mine asked me if the cyber-risk threat was a bit of flimflam designed to sell more insurance policies. He compared cyber-risk to the Red Scare of the 1950s, when families scrambled to build bomb shelters to protect them from a war that never came. The only ones who got rich back then were the contractors, he concluded.

I found his question incredible. But I realized that he didn’t work in the commerce stream, per se, which quelled my impulse to slap him around.

See also: 3 Things on Cyber All Firms Must Know  

I shared with him some statistics that sobered him up quickly. I explained that cyber-crime costs the global economy more than $400 billion per year, according to estimates by the Center for Strategic and International Studies. Each year, more than 3,000 companies in the U.S. have their systems compromised by criminals. IBM reports more than 91 million security events per year. Worse yet, the Global Risks 2015 report, published in January by the World Economic Forum (WEF), included this rather stark warning: “90% of companies worldwide recognize they are insufficiently prepared to protect themselves against cyber-attacks.”

Cyber protection is not just about deploying advanced cyber threat technology to manage risk; you also have to educate your employees to not fall victim to unassuming scams like “phishing,” which is stealing private information via e-mail or text messages. It remains the most popular con as far as stealing company data because it’s so painfully simple. Just pretend to be someone else and hope a few people fall for it.

While most people understand the threat to data privacy for retailers, hospitals and banks and other financial institutions, few realize that manufacturers are also vulnerable in terms of property damage and downtime. In 2014, a steel manufacturing facility in Germany lost control of its blast furnace, causing massive damage to the plant. The cause of the loss was not employee error, but rather a cyber-attack. While property damage resulting from a cyber-attack is rare, the event was a wake-up call for manufacturers worldwide.

According to The Manufacturer newsletter, “the rise of digital manufacturing means many control systems use open or standardized technologies to reduce costs and improve performance, employing direct communications between control and business systems.” This exposes vulnerabilities previously thought to affect only office computers. In essence, according to The Manufacturer, cyber attacks can now come from both inside and outside of the industrial control system network.

See also: Now Is the Time for Cyber to Take Off  

Manufacturers also need to be concerned about cyber attacks that would: a) interrupt their physical supply chain or, b) allow access to their system via the third-party vendor. Manufacturers must then take steps to mitigate those risks. When Target and Home Depot were hacked several years ago, it wasn’t a direct attack on them but an attack on one of their third-party vendors. By breaching the vendors’ weak cyber security, the criminals were able to access the larger prize.

To circle back to my friend’s weird fallout-shelter theory, it’s certainly a good idea to have a backup plan in case one is hit by a proverbial “cyber-bomb.” But rather than hunker down and wait for the attack to occur, it’s critical to educate employees, vet vendors’ cyber-security and adopt — and continuously optimize — a formal cybersecurity program.

How to Build ‘Cities of the Future’

Our cities are built brick by brick, often using construction practices that have evolved little in the last century and giving little regard to proper planning and sustainable development.

Yet innovations and new technologies have produced progressive means of constructing the built environment to ensure that urban infrastructure, once in place, can make a valuable contribution to the workings of a city for centuries to come, withstanding many changes in use and function. Good urban infrastructure needs to anticipate change, be built to adapt and to be resilient.

The Global Agenda Council on the Future of Cities has detailed 10 of the most important urban innovations that will shape the future of our cities. At the heart of these innovations is an understanding that the cities of the future need to be flexible and adaptive on a day-to-day level – doing more with less space and resources – and, in the long term, be able to adapt to the powerful mega-trends placing heavy pressures on the urban environment. The three key trends that will shape the agenda of cities for years to come are: demographic shifts, a changing environment and resource scarcity and technology and business model disruption.

Demographic shifts

The UN reports that the global population will rise to 9.6 billion by 2050. Nearly all of this population growth will occur in cities – it estimated that 66% of the global population will live in urban areas by 2050. Most of these cities are located in the global South and, at present, lack the capacity and resources to ensure that growth is sustainable.

Unchecked urban population growth can lead to vast unsustainable urban sprawl, or the creation of dense slums. Cities will need to accommodate more people without increasing their urban footprint; increasing density, without decreasing quality of life. This can be achieved with reprogrammable living space such as MIT’s reprogrammable apartments or by building structures with multiple uses in mind, ensuring that they can be used for different purposes at different times of the day or week, such as reusing office space or schools for social or leisure activities during the evenings or at the weekend.

In the developed world, years of declining birth rates and longer life expectancy are leading to a rapidly aging population, with its own set of challenges. The effects of this demographic shift are already being felt in countries including Japan, Italy, Germany and Norway, with pressure being put on cities to rethink the provision of urban infrastructure, embrace universal design and reuse and repurpose buildings and infrastructure that is becoming obsolete.

See also: Moving Closer to the ‘Smart City’  

This trend is also increasing the demand for health and social services and the provision of housing that will meet the needs of people during their 100-year life. Tokyo is at the forefront of this trend; an estimated 200 schools per year are closing, and the city is repurposing them as adult education centers, senior homes and places of leisure and exercise for the elderly. Cities in other advanced economies need to prepare for this eventuality.

Changing environment and resource scarcity

The world’s climate over the next century is likely to shift dramatically. Increased occurrences of extreme weather events, desertification and rising sea levels all threaten the world’s cities. Fifteen of the world’s 20 largest cities are located in coastal zones threatened by sea-level rise and storm surges. To prepare for these challenges, cities need to be resilient, building coping mechanisms into their urban fabric. If well-designed, infrastructure that protects against high-impact climate events can also be flexible, serving a valuable purpose for the entirety of its life. Projects such as New York’s Dry Line, or Roskilde’s flood defense skatepark combine resilient infrastructure with a space for community leisure activities.

The urban planner Patrick Abercrombie, who created London’s post-World War II master plan, reserved its hinterland as a “green belt” aimed to preserve the countryside, while also providing nourishment to the city. Today, the city’s greenbelt is global, and water and resource scarcity in any region can easily disrupt the delicate balance between a city and its worldwide network of production.

The advent of urban farming will help to alleviate this risk. Urban farms are largely hydroponic – feeding water and nutrients directly to the roots – and closed-loop, meaning they use as much as 90% less water. They can be placed anywhere and stacked vertically, making them as much as 100 times more productive per hectare. By 2050, the world’s population will demand 70% more food than is consumed today; urban farms will help cities to feed their growing populations, creating a vertical green belt, adding flexibility into the food system with guaranteed yields and low-risk supply chains.

Cities consume vast amounts of all resources, from the materials of which they are constructed, to the demands of their citizens for products and packaging. Cities cannot continue to follow a take/make/waste pattern, filling landfills and depleting finite resources, and need to move toward a more circular economy. Systems of reuse and recycling need to be in place to smartly deal with waste, and building materials themselves need to be designed for reuse. The European Union program Buildings as Material Banks creates reusable buildings that store and record the value of their composite materials over their lifetime. Others use up-cycled materials such as shipping containers to provide low-cost, flexible housing to students and young professionals.

Technology and business model disruption

Cities are economic engines. According to McKinsey, 600 cities are responsible for 60% of global GDP. The healthy economy of a city sustains its population through salaries and entrepreneurial activity. However, all economic activity is subject to disruption; shifts in business models can create opportunities, but cites from Detroit to Liverpool have seen the possible negative effects of industrial change.

In the fourth industrial revolution, we are likely to see the biggest industrial shifts in a generation, changing the way we work and live in the urban environment. Innovations such as 3D printing, artificial intelligence and next-generation robotics will shift models of work and production in ways that are impossible to predict. Cities and businesses need to be adaptive. Google, a company at the forefront of this change, anticipates that its business model could shift dramatically. The company’s new Mountain View, CA, headquarters is adapted for this, a series of giant domes under which any number of structures, fit for any purpose, can be quickly assembled; making it completely reprogrammable for any eventual use. Cities need to take a similar approach to construction.

See also: Can Insurance Become Utility, Like Electricity?  

The sharing economy can be defined as the distribution and sharing of excess goods and services between individuals, largely enabled by modern technology. This new model is having a deep impact on the urban environment. Many consumers are moving away from ownership and toward access, renting access to mobility, entertainment or space.

Companies of the sharing economy naturally add a layer of flexibility into the city. Airbnb, for example, allows people to rent out their apartments when they are out of town, easily increasing a city’s capacity to accommodate influxes of visitors as demand increases. As the sharing economy develops, similar companies will enable cities to turbocharge their efficiency, ensuring that no excess capacity is wasted.

Humanity faces the mammoth task of adding more than two billion people to the urban population before 2050, the equivalent of creating a city the size of London every month for the next two decades. To house, feed and employ these people, cities will have to do more with less. They have to be smarter, greener and more efficient. They will have to innovate.

Quest for Reliable Cyber Security

As we still struggle to improve physical security in the brick and mortar world, we are also greatly challenged by security issues in the cyber world. The layers of cyber protections are melting away quickly (Figure 1) as evidenced by an exponential growth in cyber crime. We are all racing rapidly away from the shores of the brick and mortar world, chasing after irresistible and addictive internet-based technology.

The Cyber War Statistics and Projections

Figure 2 shows the Lloyd’s of London estimated worldwide cyber damages in U.S. dollars for 2013 (100 Billion) and 2015 (400 Billion). The Jupiter Research projection for 2019 is $2 trillion. Cybersecurity Ventures projects $6 trillion of damage for 2021. If these projections become reality, that represents a 60-fold increase in cyber damages for the eight-year period between 2013 and 2021.

An independent Ponemon Institute study sponsored by Hewlett Packard said that, in 2016, the average U.S. firm reported cybercrime damages of $17 million. The average cyber damages were much less in non-U.S. countries, but the growth in such crimes is also increasing exponentially. The U.S. National Small Business Association study said that, on average, small businesses that had their bank accounts hacked lost an average of $32,000.

See also: 10 Cyber Security Predictions for 2017  

The Cyber War Defender Sentiment

Various IT expert surveys tell us that the majority of defenders feel that we are losing this cyber war. Here are some key disturbing sentiments:

  • An iSense Solutions survey of 250 IT professionals was conducted for Bitdefender among companies that were breached. Those that suffered cyber breaches in the last year convey the disturbing news that 74% of those that were breached don’t know how the breach happened.
  • A survey by the Ponemon Institute revealed that it took between 98 and 197 days to detect the fact that a security breach has happened.
  • An AT&T (Cybersecurity Insights) report surveyed 5,000 companies worldwide that were launching Internet of Things (IoT) devices. Only 10% of IoT developers felt that they could secure those devices against hackers. It is estimated that 10 billion devices were connected to the internet in early 2016 and that the number will grow to 30 billion devices by 2020.
  • Another Ponemon Institute survey in 2016 consisting of 643 IT experts revealed that only one-third of the IT experts surveyed consider the cloud safe from cyber attacks.
  • Cyberventures estimates that $1 trillion will be spent on cyber security products and services between 2017 and 2021.
  • Cyber experts tell us that just meeting compliance is the beginning of cyber security and not the end.
  • The World Economic Forum (WEF) stated that a “significant” amount of cybercrime and espionage still goes undetected.
  • Hacker tools are cheap, fast and becoming easier to use, providing disturbing attacker advantages.

The Cyber War Executive Summary

Let’s summarize this gloomy situation. We are in an exponential growth period of cybercrime. Anywhere from 67% to 90% of experts surveyed can relate to these comments:

  • They distrust the cloud.
  • Most do not know how or when they were hacked, if they were hacked.
  • Most do not know how to fully protect the old and new flood of internet connected devices from future hacks.
  • Just meeting compliance is insufficient against hacks and cyber attacks.
  • When hacks are noticed, they are noticed three to six months-plus after the fact.

This raises the question of how IT and security professionals will spend their security budget if they have been so unsuccessful in the past and present. This is clearly a high-risk environment and getting worse.

See also: How to Stir Dialogue on Cyber Security  

Can Cyber Strategies Rescue Us?

Classic and logical-sounding cyber strategies have been and are being rendered useless by hackers and cyber-sharks. Figure 3 depicts the sad state of worldwide cyber security. Why are most cyber strategies not working? Maybe because they focus too much on the technical and do not engage all of the enterprise resources and its culture as an additional layer of defense.

Figure 4 reminds us of the words of MIT Professor Bill Aulet, derived from the original quote by the famous management consultant Peter Drucker: “Culture eats strategy for breakfast, operational excellence for lunch and everything else for dinner.”  If our cyber strategy does not harness and engage the enterprise culture as a partner in this cyber war, we should expect only limited successes.

Can Artificial Intelligence (AI) Rescue Us?

Some are touting AI and machine learning as the “last hope” for cyber security, but some experts are also quick to confess that not all AI strategies are effective and that the cyber protection industry is only at the beginning of this journey to apply AI to cyber security. This confidence in AI also assumes that the “bad guys” will not use AI to become better hackers.

Can High-Reliability Organizational (HRO) Techniques Rescue Us?

Decades ago, high-risk organizations like nuclear submarines, aircraft carriers and nuclear power plants developed a highly successful culture-based management system that was later designated as high-reliability organizations (HRO). HROs have achieved zero-incident safety records even though they are considered high-risk. Now that every organization is thrust into the high-risk cyber world, it’s time to consider the HRO playbook and assess our cultures against custom HRO cyber criteria. Airlines, railroads, power plants, hospitals and other organizations are starting to customize HRO principles to meet their stretch goals for employee, customer and patient safety.

See also: Paradigm Shift on Cyber Security  

Figure 5 shows one of the first basic enterprise system and cultural assessments required to lay the foundation for HRO cyber thinking across all layers of the organization. Such assessments will require anonymous inputs from all stakeholders and levels to ensure that all skeletons in the closet and the taboo talk rules that limit cyber successes are exposed.

The pursuit of becoming a high-reliability cyber organization is not for the faint of heart, and it is not a quick fix. It is a set of highly disciplined principles that affect the behaviors, attitudes, decision making and accountability for every level of the enterprise cascade as summarized in Figure 6. If any of the cyber security elements in the cascade has a weak link, cyber security will be at risk. The last line of defense against cyber attacks needs to be organizational and cultural and not just technical or centered on compliance.

As the world moves toward the shocking new reality of annual multitrillion-dollar cyber damages, organizations will need to combine technical and non-technical best practices for reliability to counter cyber threats. Unfortunately, it might take one or more big business failures or a major worldwide cyber calamity before more organizations start to see the value of a combined high-performance culture and technical strategy. Great successes of HRO organizations should teach us that a combined culture and technical strategy is the best way to defend ourselves in this expanding cyber world war.