Perception of global risks, why security must remain at the forefront

The World Economic Forum recently released its Global Risks Report 2022, now in its 17th edition. The report examines the main risks perceived internationally by various sectors of the global economy, based on an extensive survey of market experts and corporate decision makers.

This is the starting point for the analysis of Andrea Lambiase, Head of Management Consulting and Data Protection Officer at Axitea, an advocate of cyber security remaining a priority for organisations, from the bottom all the way up to the corporate board.

Of the six strands (divergent and uneven economic recovery, climate transition, digital security, migratory pressures, spatial crowding, pandemic resilience) along which the identified potential issues centre, health and environmental issues generated the greatest concerns.

This is an understandable result when one considers the state of pandemic emergency in which we still find ourselves today, two years on. Digital security, for years a key business managers’ concern, seems to have taken a step backwards. But is this really the case? Or does the outbreak of other emergencies, perceived as more critical at this time, threaten to overshadow a danger that should, instead still be considered?

The data clearly point towards the second hypothesis. Indeed, according to the Clusit Report 2021, cyber-attacks have grown strongly over the past year, both quantitatively and qualitatively in terms of the severity of their impact. In parallel, losses from criminal actions have increased: from an estimated $1 trillion for 2020 to $6 trillion for 2021. Restricting the analysis to Italy only, the monthly average of attacks defined as ‘serious’ increased by 30 per cent, from 124 to 170, between 2018 and 2021.

Thus, the results of the Global Risks Report should not be read in the sense of a reduction in digital security risk, but, on the contrary, of an increase in the perception of other dangers, which could therefore lead to an underestimation of what remains a constant in recent years, namely cyber risk. For this not to happen, a major effort is required from both institutions and security providers, who must keep the issue of security at the forefront.

While institutions can do this with dedicated legislation and incentive programmes to push organisations to adopt the right approach to security and consequently the right technologies, an equally important role will be played by security vendors, who must be able to communicate properly, raising the level of awareness among the companies they interface with. In this sense, the position of security providers is even more important, because they are at the exact intersection of the social, economic and technological risks that emerge from the report.

Data and infrastructure security no longer impacts only the individual process, or even the individual organisation. But, with the emergence of an ever closer interdependence between once distinct economic and production environments, the potential fallout of a cyber attack on a major structure – a large company, a utility, a public service provider – can be incalculable, impacting on aspects that are not strictly technological, such as the availability of essential services to users or citizens.

The role of security has changed, drastically. And with it, the way security is communicated and considered must now change, by the providers themselves but also by all those with a role of responsibility in their organisation. It is now clear that digital security is no longer a technological aspect, but a business element, and a very relevant one at that. A cyber attack is not an end in itself, but has important economic consequences, because it disrupts business processes and blocks communications with customers and partners. In the worst case scenario, that of ransomware, it renders corporate data, the main asset of any organisation, inaccessible.

Companies must address this scenario appropriately, with an overall vision that must take into account the technological aspects, but also and above all the organisational and procedural ones. An effective corporate security programme no longer depends solely on the solutions selected, but on the design of the overall architecture and above all on the behaviour of the individual users involved in the processes. This generates another potential critical aspect, which is purely organisational. How far is it possible to monitor people’s behaviour in order to protect security without exceeding the limits imposed by the various regulations on privacy and confidentiality? The answer is a balance that can only come from an overall view of the entire structure.

In other words, precisely because of its criticality, security must become a concern of corporate management, no longer just of IT specialists. It must be incorporated into business processes already at the planning level, so that it can be efficient and effective, as well as sustainable.

Axitea

Axitea operates as a Global Security Provider, integrating security services with innovative technologies and physical and cyber protection systems within a market undergoing a strong transformation due to the convergence of IT, telecommunications, controls, automation and the Internet of Things. Thanks to the knowledge, skills and experience developed over time in the areas of Surveillance, Security and Privacy, Axitea offers a wide range of services, ranging from territorial monitoring and proactive management of alarms and interventions, to the development of specialised skills in the design, implementation, integration, maintenance and management of technological platforms and solutions dedicated to physical security, access control, video surveillance, satellite monitoring and ICT infrastructure protection.

Press contacts
Nico Paciello – Marketing & Communication Manager
Tel. +39 02 30031502– nico.paciello@axitea.com
Axicom Italia
Chiara Possenti / Sandro Buti
chiara.possenti@axicom.com / sandro.buti@axicom.com