Mon, Jan 16, 2023

Live from Davos - Cyber in 2023: Geopolitical and Economic Risks

Live from Davos – Cyber in 2023: Geopolitical and Economic Risks
Kroll’s Jason Smolanoff, President of Cyber Risk, and Megan Greene, Kroll's Global Chief Economist, provide perspective on cyber and the economy in 2023, considering the current geopolitical landscape.

The World Economic Forum’s Annual Meeting in Davos this week is titled “Cooperation in a Fragmented World.” The theme reflects the instability and uncertainty that shaped 2022 and sets the stage for 2023. Cyber has continued to play a leading role. We have seen cyberattacks cause widespread operational disruption, reputational damage and financial harm to their targets—at a cost of trillions of dollars. Meanwhile, the ongoing Russia war on Ukraine demonstrates that the threat landscape contributes to geopolitical and economic uncertainty beyond national borders.

Live from the Davos Economic Forum, we explore these trends and how cybersecurity can influence individual companies and global markets alike. We also examine what businesses can do to bring stability to their organization in these uncertain times. 


Background on Global Cyberwarfare

In November 2022, during NATO’s Cyber Defense Pledge Conference in Rome, NATO Secretary General Jens Stoltenberg said, “Cyber is now a domain of operations equal to those of land, sea, air and space.” It is a bold statement and, as a nascent concept, cyber warfare is still a much-disputed term. However, it is arguably fitting when cyber tactics are designed to disrupt and dismantle supply chains, government operations and critical infrastructure beyond borders. In many respects, the cyberwarfare we’re seeing in the context of Russia’s war on Ukraine could be viewed as a war behind the war. This cyber activity can start long before any boots are on the ground and can continue in times of peace. 

Russia’s invasion of Ukraine has included elements of cyberwarfare targeting critical infrastructure in the region, as well as allied nations. For example, there have been several ransomware attacks on munitions companies, defacements against U.S. airport websites, and a huge distributed denial of service (DDoS) attack that crippled one of the largest banks in Russia. Problems continue as the tactics, techniques and procedures (TTPs) of nation state actors are also used by financially motivated cybercriminals who target businesses indiscriminately. 

The cyberwar stories we hear on the news are likely just the tip of the iceberg and often reflect the incidents that the nation state actors want appearing in the news agenda. There are many more nation state cyberattacks that are more covert. These are usually a combination of cyberattack methods and highly sophisticated espionage. 

It is important to note that cyberwarfare and nation state cyber activity exists beyond the Russia-Ukraine war. We have recently witnessed cyberattacks that can impact a country’s entire population. The Pacific Island nation of Vanuatu lost access to emergency services, government emails and phone lines in November 2022. Today, many government officials and staff in Vanuatu continue to rely on personal email accounts to conduct day-to-day business. Hospitals are using pen and paper for vital communications. 

The motivations and identities of cybercriminals and state actors can be difficult to obtain, which adds to the sense of cybersecurity uncertainty, and increases the risk of businesses being caught in the crossfire. Individual threat actors can operate under guidance or protection from a nation state or be directly motivated by financial gain. They can belong to multiple hacking groups, who all have different motivations and alliances. It is becoming harder to discern motives as a single attack, which could accomplish many goals. Regardless, these attackers will chip away, using multiple tactics and attacks, to achieve their objectives of destabilization or financial gain.

Economic Impact of Cyberattacks

Cyberattacks can hit the economy on both a micro and a macro level. Costs related to cybercrime are forecast to reach $10.25 trillion a year by 2025 worldwide, a figure on par with the world’s global energy bill. Meanwhile, global cybersecurity spending is forecasted to grow by more than 10% in 2022-23. 

On an individual company level, calculating the economic impact of cybersecurity is challenging because there are both tangible and intangible costs. Compliance is a useful starting point because financial penalties are widely documented and easy to track over time. Indeed, the average cost for organizations experiencing non-compliance issues is now $14.82 million, a 45% increase from 2011. In 2021, the GDPR fines alone reached $1 billion. The financial cost of non-compliance is already significant and is becoming even more so following mandatory reporting from CISA and the introduction of CISA’s first strategic plan.

Many cyber incidents have an immediate and concrete cost, whether it’s a ransomware payment made, valuable IP stolen or loss of productivity due to operational downtime. There are also costs associated with each stage of a cyber incident, including investigation, remediation and notifications/disclosures. The latter are the most complex, time-consuming and costly element of a breach—where damages to reputation, loss of value and litigation challenges occur. 

Our CFO research, Cyber Risk and CFOs: Over-Confidence is Costly, found that seven out of 10 companies lost 5% or more of their valuation following their largest cybersecurity incident in the previous 18 months. According to Sustainalytics, a major cyberattack influences a firm’s stock price for 50 trading days. Companies experiencing cyber incidents significantly lag the market and sector benchmark one year later as well. Returns for these firms on average are -0.65% after the cyberattack, whereas the average return in the year prior to the incident was +8.47%.

When firms increase their cybersecurity spend or take a hit to their valuation because of a data breach, they may either pass the higher cost on to customers in the form of higher prices, generating inflation, or they may accept margin compression, resulting in lower investment and employment and dragging on growth. This is yet another unseen way that cybersecurity uncertainty can impact the wider economy. 

Responding to Cyber Risk in a World of Economic and Geopolitical Uncertainty

Russia’s war on Ukraine has prompted a change from a “whole of nation” approach to cybersecurity to a “whole of society” approach. In line with the World Economic Forum’s call for “Cooperation in a Fragmented World,” we are likely to see more cooperation in the future between the public and private sectors. Companies should be in regular touch with the public sector regarding cybersecurity best practices and industry regulations, for example. 

As a global provider of end-to-end cybersecurity services, we know the scale and complexity of the challenge in front of us. We also know that there is no silver bullet solution. However, there are ways for organizations to regain a sense of control when the world around them feels like it is spiraling. 

The key principles of cybersecurity involve detecting threats early, being prepared to respond confidently and effectively while being cognizant of regulations and legal requirements. There’s a combination of tech, people and process decisions that need to be made by every organization, which span penetration testing, compliance, threat detection and response, and breach notification

In response to the current climate of cyberwarfare and rampant ransomware activity, boards should also stay in close contact with their security leaders and CFOs. They must understand the likely financial exposure a single cyber incident would cause, as well as the impact of cyberattacks hitting multiple organizations, governments and critical infrastructure simultaneously. These scenarios need to be built into financial planning. 

For anyone following the news from Davos, expect to see cybersecurity assume center stage alongside the most important challenges facing the global economy in 2023. We will be watching intently because we believe that cyber risk will continue to impact markets and shape business decisions for the foreseeable future, as the uncertainty of 2022 looks certain to continue. 

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Threat Exposure and Validation

Proactively identify your highest-risk exposures and address key gaps in your security posture. As the No. 1 Incident Response provider, Kroll leverages frontline intelligence from 3000+ IR cases a year with adversary intel from deep and dark web sources to discover unknown exposures and validate defenses.

Cyber Governance and Strategy

Manage cyber risk and information security governance issues with Kroll’s defensible cyber security strategy framework.

Incident Response and Litigation Support

Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year and have the resources and expertise to support the entire incident lifecycle.

Managed Security Services

World-renowned cyber investigators and leading technology fuel Kroll’s managed security services, augmenting security operations centres and incident response capabilities.

Notification, Call Centers and Monitoring

Kroll’s data breach notification, call centers and monitoring team brings global breach response expertise to efficiently manage regulatory and reputational needs.

Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.