• By 2026, almost 26% of the world’s GDP could be based on internet-based and digitally-connected industries.
  • Seizing digital opportunities begins with an understanding of digital risk; at a minimum, companies need to understand their total exposure.
  • Following key principles of digital risk management will separate the companies that will thrive in the digital age from those that will not.

The COVID-19 pandemic is generating monumental challenges for most governments, corporations and societies, both online and off. There is a very high probability that we’ll look back on 2020 and 2021 in much the same way as we did during the aftermath of World War II, itself another era of profound international transformation. One thing is for certain: there is zero probability that we are returning to the ‘old normal’.

Within months, the virus disrupted systems that many take for granted – from international air travel and easy movement across borders, to access to goods and services and just-in-time supply chains that power trade. We are seeing patterns of commerce and exchange being radically fragmented and reordered. For many people left behind, the virus has exacerbated divides, deepened inequality and expanded extreme poverty.

Although a handful of countries have started on the path to recovery, especially in Northern Europe and Asia, most have tightened their borders and curtailed services. Despite the emergence and roll-out of vaccines in record speed, between 20% and 30% of the global population is still living under some form of lockdown or closure.

Although the economic costs of the pandemic are severe, they are only just beginning. Global GDP contracted by at least 3.5% in 2020 and while a rebound is expected, the disease has had far-reaching effects on small and medium-sized businesses and wider sustainable development indicators. Whilst the stock market is booming, the impacts on the real economy are dramatically worse than the 2008 financial crisis or the Great Depression.

Complicating matters, COVID-19 is occurring at a time of deepening geopolitical divisions, heightened tensions and trade wars. The pandemic arrived precisely at a moment when international cooperation was most needed to deal with the myriad of global challenges, from climate change to nuclear threats and cybersecurity.

Image: The Global Risks Report 2021/World Economic Forum

A threat to business

One of the most visible consequences of the COVID-19 pandemic for companies is the rapid acceleration in digital transformation. The equivalent of a decade of digital onboarding occurred in 10 months. Overnight, businesses were forced to adapt to quarantines, restrictions and physical distancing. Entire workforces started working from home, and business processes and supply chains were re-engineered.

More than ever, companies now must go digital or die. Dependence on cloud computing jumped by a third in 2020. Network operators registered as much as a 70% increase in the demand for internet and mobile data services. Videoconferencing sky-rocketed by 700% last year. Not surprisingly, the valuation of social media and remote conferencing companies soared.

This growing dependence on all things digital has a dark side. Cybercrime, especially ransomware, also increased exponentially. Digital attacks infected critical infrastructure, health facilities, federal and municipal government services, and corporations. Last year, one of the most audacious cyberattacks ever undertaken was discovered – a cascading supply-chain attack – that could change the way the internet is managed moving forward. No one is safe – and we’ve only seen the beginning.

Making matters worse, the digital economy is generating negative externalities, including accelerating climate change. Notwithstanding a slew of efforts of tech firms to clean up their act, they are still among the most unsustainable and environmentally damaging in the world. Technology redundancy and planned obsolescence are creating huge amounts of waste. And the expansion of internet services is consuming about one-tenth of global electricity production. Right now, Bitcoin mining uses over 7 GW, the equivalent of seven nuclear power plants. It has a carbon footprint comparable to that of New Zealand.

Managing digital risk

Some of the most successful businesses turn risk into opportunity. One of the most appetising is the global digital transformation and the digital economy. By 2026, almost 26% of the world’s GDP could be based on internet-based and digitally-connected industries.

Seizing digital opportunities begins with an understanding of the many dimensions of digital risk. It requires acknowledging the direct and indirect impacts of digital transformation – how technologies are changing and transforming government regulations, business efficiencies and client preferences – especially on issues of privacy and data protection.

Companies need to set their risk tolerance: how much risk are they prepared to assume in order to achieve new economies of scale?

—Robert Muggah, co-founder of the Igarapé Institute and The SecDev Group

At a minimum, companies need to quantify their total exposure. Digital risks necessarily impact on earnings and revenue. They are also intrinsically linked to technological choices and awareness of the regulatory environment. The truth is that one’s reputation in the digital age is potentially global and instantaneous. It can also be extinguished in the blink of an eye. Companies need to set their risk tolerance: how much risk are they prepared to assume in order to achieve new economies of scale?

Navigating digital opportunity

There are at least four straightforward principles to thinking about how to identify, mitigate and build resilience to digital risks.

The first is to approach digital risk as an enterprise-wide issue and not just an IT issue. Digital risk is a combination of people, processes and technologies. Determining what matters and what doesn’t starts with a risk assessment to help identify the most valued assets, where they’re located, how they are protected and who has access. It means deciding who is in charge, and delegating authority and accountability as appropriate.

A second principle requires assessing and understanding the legal applications of digital risk. The regulatory environment for new technologies is fluid and fast changing. It is shaped by politics from the international to the local levels. Concerns with foreign interference or privacy and loss of personal data are real and consequential; corporations can be fined and executives can be jailed.

The third principle is to ensure that company leadership is on top of the emerging risks and in constant contact with management. Executives must be able to answer the following questions: how secure are we and how do we know? What’s the value at risk? What are the geopolitical and geo-digital threats to the company? What are the gaps, what we need to know next? A constant dialogue with experts within the company and outside – keeping a pulse on global trends – is more essential than ever.

A fourth principle involves setting up a clear playbook to appraise and respond to digital risk. Approaches will vary and evolve, but all companies need to start by measuring the value at risk. This means assessing digital exposure as it relates to impacts on earnings, the amount of time required to fix attacks, the capital and operational costs required, the loss of revenue, and the potential for fines.

Firms should also create a risk register – integrate digital threats into the business risk model – to easily communicate threats to corporate leadership. Risk management standards are key, as is applying them so they provide the right metrics to drive decision-making.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

The COVID-19 pandemic is forcing governments, companies and societies to address digital risks in dramatic fashion. With or without rapid and sustained vaccine rollout, it is likely that many of these threats will endure for the foreseeable future. Business travel will not return at the scale of the past. Remote working will continue for many – as the recent declaration by Salesforce anticipates - especially as companies shutter their headquarters and move to more distributed work models.

COVID-19 is accelerating digital transformation, not least in middle- and upper-income settings. Cloud adoption will contribute to a wholesale redesign of enterprise networks. It is also intensifying concerns related to the protection of access to, and integrity of, data – a point made painfully clear with the Solar Winds hack. What makes the present moment exceptionally complex is that these dramatic changes are occurring during a period of intense geopolitical volatility. And while some level of uncertainty is inevitable, future pandemics, climate change and digital risks are not.

There are no easy answers to comprehensively protect ourselves from digital risks or build total digital resilience. Adaptability and agility are critical. The ability to anticipate digital risks – and following key principles of digital risk management – will surely separate the companies that will thrive in the digital age from those that will not.