Technological advances such as the ”internet of things”, 3D technology and driverless cars are creating immense opportunities for businesses, but also creating existential risks. As Zurich/Atlantic Council’s report Beyond Data breaches: global interconnections of cyber risk observed, cyber risk is becoming increasingly systemic and interconnected as technology develops.
But how well placed is the global community to improve global cyber governance?
Indeed, the scale, interconnectivity and importance of today’s internet in some way resembles the pre-crisis 2008 financial system. We are now reaching a tipping point, where the growing complexity of this integrated digital landscape becomes unmanageable, leading to the possibility of a systemic disruption or collapse. Increasing cyber risks are curtailing investments into new technologies, lead to key opportunities being missed and reduce economic growth on a global scale.
Comprehensive cyber governance is essential to mitigating emerging cyber risks and managing the growing complexity of cyberspace. And because cyber attacks respect neither national nor organizational borders, such governance must be global in nature.
In his recent book, “World Order”, Henry Kissinger suggested that, eventually, technology may spell the end of our long-held perceptions of sovereignty and world order.
For now, however, it would seem that statecraft is alive and well in cyberspace, with significant implications for global cyber governance; and therefore for businesses. The Global Risks 2015 report points out that, if anything, declining trust and ideological differences among global players is contributing to a weakening of internet governance. A recent example is the disagreement between China on the one hand, and the U.S. and EU on cyber security rules. In addition, governments often occupy a dual role in which they are both defenders against foreign intruders, but in many cases also perpetrators of attacks.
Given the growing importance of global cyber governance, Zurich has teamed up with ESADEgeo, a leading Spanish business school focused on geopolitical issues and led by former NATO Secretary-General Javier Solana. The result of this partnership will be a Risk Nexus paper, containing analysis and targeted recommendations for action. The report is due to be released in late April 2015.
As ever, one of the key questions for business regarding the report will be: “what does this mean for us?”
In one sense, the private sector is well placed to act as an agent of change, championing basic principles for improved global cyber governance. While ideological splits such as those detailed above exist at a governmental level, the private sector shows greater cooperation and consensus. The IPO of China’s biggest on-line retailer, Alibaba, on the New York Stock Exchange, for example, was a reminder that its two main shareholders are Yahoo (U.S.) and Softbank (Japan).
But a pragmatic approach will also be required. Geopolitical tensions are unlikely to be resolved in the near future, and so businesses must take appropriate steps to protect themselves against the gap in global cyber governance in the meantime.
At a minimum, that would include instituting state-of-the-art cyber defenses and, as there are no complete guarantees against attack, a robust plan for mitigating and recovering from any event.
The potential implications of an attack are so severe, with potential disruptions to supply chains and significant business interruption, safety and reputation risks, that cyber security needs to be on the agenda at a board and c-suite level and applied globally.
This article is published in collaboration with Zurich. Publication does not imply endorsement of views by the World Economic Forum.
To keep up with the Agenda subscribe to our weekly newsletter.
Author: Benno Keller is a PhD, Head Research and Policy Development at Zurich Insurance Company.
Image: An illustration picture shows a projection of binary code on a man holding a laptop computer, in an office. REUTERS/Kacper Pempel