“World Economic Foundation Global Risk Reports 2011 Outline Linkages and Risks to Watch.
The World Economic Foundation just released its created a collection of resources to support understanding, thinking, and decision-making about risk. The Global Risks Report 2011 is available as an interactive web site, or a 60 page PDF.
For context, WEF staff outline some of the resources used to product the 2011 report:
- “The starting point for Global Risks 2011 was a risk perception survey of 580 leaders and decision-makers across the world.”
-
“The survey was supported by 18 workshops and over 50 expert consultations to assist the (World Economic) Forum’s in-house risk analysis.”
-
“Survey respondents assessed the potential impact, likelihood, and interconnections of a range of 37 global risks, looking forward over a ten year period.”
The report does not stop at the traditional likelihood-impact graph, but delivers another view of the situation by outlining the interconnections between each of the global risks, and by organizing the risks into logical groups. Their discussion of the web of interconnections between the risks and groups of risks may be the most important output of the 2011 report. There is a lot of content in this report and supporting materials. Risk management professionals involved in financial services should be able to make use of this rich resource in a variety of contexts.
After a quick scan of the materials, a few things stood out as useful for me. Most immediately, the analysis of linkages between information security and other global risks will support my work attempting to help others make decisions about risks involved in global financial services.
This report includes a discussion of what the authors called the “illegal economy nexus” within the Risk Interconnection Map. At its core, were three broad risks: illicit trade, corruption, and organized crime. The authors argue that “emerging economies suffer under chronic threats to development as well as acute threats to stability,” while the advanced economies drive “the demand for the illegal economy nexus, face regional and global instability, as well as the pressure to participate in corrupt practices.” [see: http://riskreport.weforum.org/#/2/7 and http://riskreport.weforum.org/#/?re_layout=0&re_IDs=28]
In the World Ecomonic Forum Risk Report, links between online data and information security extend into the illegal economy nexus through organized crime, corruption, and also have direct linkage to regulatory failures, critical information infrastructure breakdown, infrastructure fragility, threats from new technologies, and terrorism.
For a slightly more extended discussion of these linkages see: “The global risks barometer,” also by the World Economic Forum.
On page 37 of the “Barometer,” it defines “Online data and information security” as “The accidental loss of data or fraud online triggers a loss of confidence in data sharing, negatively affecting e-commerce and communication,” and then identifies a set of key risk drivers and indicators:
These drivers increase this risk:
- Lack of transparency on meta collection of data and algorithms
- Difficulty of tracing altered data and infiltrator activity and the lack of agreement on how to intervene when erroneous data is created or misallocated
- Incompatibility of new and old systems, carrying risks of destabilizing the network
- Increased reliance on cloud services for data storage and analytics
This driver can both increase or decrease risk.
- Extent to which policy and regulatory frameworks can keep up, given the lag between innovation cycles and government decision-making cycles
These drivers reduce this risk:
- Deterrent effect of clear legal framework to penalize offenders
- Information sharing among governments and private firms regarding loss events
- Improved education and personal awareness on ethical and moral responsibilities of online activities, including a false sense of security from encryption
- Development of best practices for data security
The report then outlines a number of “Global Impacts:”
- Disruption of global e-commerce and network communication as security concerns make users retreat from online services
- Paralysis of business and governance as trust decreases in data collection, storage, distribution systems and organizations processing mass data
- Increased degree of tolerance to breaches of privacy
- Negative blow to the open source society affecting data and process sharing which hampers innovation and trust
- Unexpected second- and third-order effects through the interconnectedness of systems and data which are generally poorly understood
In their polling and research, the authors of the “Risk Report” found that “cyber thieves experience a substantially lower feeling of guilt than is apparent in other criminal activities.” [page 66] This idea or finding has been around for quite some time, sometimes a slice of it is abbreviated into a discussion about how individuals behave differently “at work” than they do when they work from home — which some personnel leaders discount. But delivering this message to participants at the World Economic Forum Annual Meeting in Davos might help factor it into senior decision-making circles.
I have only touched on an extremely small subset of the content in this rich set of resources. I strongly recommend it as a serious read for all security professionals in financial services.
-References-
“Global Risks 2011, Sixth Edition – An initiative of the Risk Response Network.”
http://riskreport.weforum.org/ or in PDF format at http://riskreport.weforum.org/global-risks-2011.pdf
World Economic Forum (January 2011) in collaboration with Marsh & McLennan Companies, Swiss Reinsurance Company, Wharton Center for Risk Management, University of Pennsylvania, Zurich Financial Services, with Co-editors: Kristel Van der Elst and Nicholas Davis.
“The global risks barometer.” by the World Economic Forum, at http://riskreport.weforum.org/barometers-2011.pdf