Why cybersecurity and information integrity are two sides of the same coin

In today's interconnected world, digital systems are fundamental to economic and societal functions – yet they face complex and ubiquitous cyberthreats. As businesses and governments become more reliant on these systems, the potential impact of cyber disruptions grows significantly.

At the same time, disinformation and misinformation are increasingly pervasive, eroding trust in information sources across all sectors. This crisis in information integrity comes at a time when accurate information is crucial for technological advancements like AI and the stability of social, economic and governmental institutions.

Both of these topics are being worked on by the World Economic Forum’s Network of Global Future Councils. What are the common issues, and how can we ensure a coherent approach to building trust in the digital economy?

In the digital domain, information integrity and cybersecurity sit on the same spectrum of risk. There is growing evidence that specific threat actors (whether criminal or nation states) combine both attack strategies, often as part of the same campaign. Considered from the perspective of the threat actor, we see that those conducting cognitive attacks on users of digital technology and those conducting cyberattacks directly targeting the technology (i.e. the underpinning hardware and software) are often seeking the same ends in terms of the financial or political objectives. In response, the information integrity community tends to focus on psychological factors – such as what makes certain user segments susceptible to particular misleading narratives – while the cybersecurity community is generally more focused on the technology. Both naturally recognize that a truly effective defence requires a holistic approach encompassing both.

The experience within the cybersecurity community over the past couple of decades is that effective mitigation requires the right balance to be struck between protective measures aimed at potential victims, and disruptive action against threat actors. Cybersecurity threat intelligence (CTI) is the glue that joins these two approaches together, enabling defenders to identify attacks in progress and to anticipate next moves, while also providing opportunities to go upstream and disrupt and deter the attackers themselves.

CTI is now a well-established capability, based on mature understanding of adversary’s “tactics, techniques and procedures”; the concepts of kill chains and attack frameworks has helped defenders to develop more sophisticated mitigation strategies by enabling them to anticipate and proactively counter-attack. Though the CTI approach is emerging within the information integrity community, the art is less well developed there and could benefit from approaches that have been honed in cybersecurity – especially given how threat actors are already blending technical and cognitive attacks.

In contrast, a lot of work on information integrity is focused on the psychology of the victims: What is it that makes them predisposed to disinformation and misinformation, and what can be done to reduce this susceptibility and help people to become more discerning in terms of the online information they consume? While understanding human factors is very much a part of cybersecurity practice, the level of in-depth psychological analysis into what makes some people more susceptible than others is less well developed than it could be. Enhanced cybersecurity awareness training for more vulnerable audiences is one possible remedy.

Research suggests that the information integrity community has focused on ideologically or politically motivated threats, and the impact on public safety and democratic processes. There is, however, a growing body of evidence that criminals are making greater use of cognitive attacks to commit fraud and extortion, exploiting advances in AI to supercharge more traditional crimes such as business email compromise and push-payment fraud. This is another area where demarcating cybersecurity and information integrity is unhelpful, and where an approach that blends insights from both can be of value.

By pooling the capabilities and insights of the cybersecurity and information integrity communities, we can be more effective in mitigating threats that arise from society’s increasing dependence on the digital domain.

More work needs to be done on understanding how threat actors are blending technical and cognitive attacks within the same campaign, and to develop a threat-intelligence sharing ecosystem that can work seamlessly across the whole domain. The attack frameworks that have been developed within the cybersecurity community need to be expanded to take greater account of cognitive attack vectors. Conversely, the cybersecurity community should seek to learn from the segmentation studies that have been undertaken by the information integrity community to identify particularly susceptible demographic and socio-economic groups in order to develop more targeted and earlier interventions to inoculate individuals from cognitive-based attacks.

The World Economic Forum Network of Global Future Councils provides a valuable platform to take this collaboration forward.