2024 Risk Forecast: Things to Monitor

As if the last few years haven't already offered enough global turmoil, 2023 made it quite an interesting year to be a risk management professional. Being in the data center industry, there are hardly any risks we're insulated from, and at the same time, many high risk external dependencies support our uptime and operational stability. That said, I've definitely grown accustomed to being more aware of not just the present, but looking to the past for influences on the future. After such a fascinating year, I felt it would be neat to compile my thoughts on an industry-agnostic 2024 risk forecast, using a sample of events that we've seen over the last few years. In the spirit of sharing thoughts on "what's next", I've split the forecast into a few different important domains to make it an easier digest.

Just a reminder that the following are my own thoughts!

Global Logistics and Shipping:

• Keep a close eye on water levels at key canals such as the Suez and Panama. Recent droughts, as well as long term climate change impacts are changing the way traffic flows through these strategic waterways, presenting challenges to shippers when vessels run aground, and when stoppages are put in place. Inevitably, these will impact the supply chain for critical industries globally, as we saw during the pandemic when the Suez canal had significant traffic challenges. Additionally, shipping lane and port security in geopolitically stressed areas will play a massive role in keeping global trade rolling smoothly.
• Maintain a close watch on movements in The Strait of Taiwan (as China/Taiwan tensions continue to rise), Red Sea (due to attacks and continued Houthi aggression on both military and civilian ships), and the Gulf of Aden (as piracy begins to see a comeback as a byproduct of a strong resurgence of further instability in Somalia). This alone could warrant its own forecast, but checking in on Maritime traffic in general can give a great indication on what's going to happen in the world weeks ahead of time, especially when thinking about the flow and subsequent price of goods traveling to/from international hubs.
• Lastly, and not to spoil anything related to the cyber domain, after a major hack impacted DP World in Australia, the Maritime industry is once again in the crosshairs of threat actors. Hopefully we don't see this trend continue as the wounds are still relatively fresh from the giant 2017 Maersk eraserware attack, which crippled their IT operations around the world for weeks, unsettling trade globally and sending shockwaves through the logistics industry.

Energy:

• New natural gas pipelines to Europe will be something to keep a pulse on as the EU and others continue their strategy to become more comfortable in independence from Russia in Energy production. Certainly these, and other energy (particularly oil) exports globally will be more relevant than ever as well, due to OPEC's continued conservative approach to production increases amidst some of the most unstable geopolitical shocks the world has seen in decades.
• With no lack of activity regarding Russia, their oil exports are still coming onto the market both directly, and indirectly. It will be worth monitoring to see how their prices change in their seemingly unexpected trade relationship with India where we've seen a slow rise cost per barrel. Perhaps 2024 finally sees this relationship fizzle out when India no longer finds the Russian prices advantageous?
• Coming from the aforementioned notes on the maritime industry, shipping routes (such as the Red Sea) for oil barges are becoming even more challenging in areas of conflict. With piracy rising, and non-state groups utilizing weaponry against commercial vessels, large oil and gas companies will shy from danger to protect investments, driving up both delivery time and cost with a knock-on impact to global commerce.

Cyber and Information Security:

• As if "business as usual" cyber attacks and those stemming from the Russia-Ukraine conflict weren't enough to make us all nervous, the Israel-Hamas conflict has come with it's own set of cyber challenges. Israeli owned software companies, and their tools have recently come under attack by IRGC-backed cyber terrorists, impacting end users around the world regardless of their affiliations in the Gaza conflict. At the tip of the spear, both adversaries have most certainly ramped up nation-state activities aimed at slowing down each other's kinetic advances in Gaza and aid in building short term tactical advantages.
• In a related arena, a terrifying increase in operational technology (OT) cyber attacks has been a wake up call to critical infrastructure operators around the world. Industrial control system (ICS) and supervisory control and data acquisition (SCADA) attacks aimed at interrupting and destroying the technology that runs hospitals, energy production/transmission, manufacturing plants, telecommunications facilities, public transportation, and others continue to threaten not only the attack targets, but also the society and communities that they support. Keeping a close eye on federally imposed critical infrastructure cyberspace regulations will indicate which countries are moving the needle versus being left vulnerable.
• Supply chain compromises (similar to the Solarwinds incident) aren't letting up either, as mammoth organizations such as Okta are experiencing similar breaches, subsequently reminding end users that your environment is only as safe as your vendors'. Topics such as effective third party risk management and and "secure-by-design" are ringing loudly at Cybersecurity conferences throughout the world as industry looks for a solution to the mountain of a problem.?
• For a not-so-shocking conclusion, it's obvious that the business of cybercriminals and data breaches is still alive and well. However, on the bright side, many organizations are now wising up to the threat of ransomware and related attacks to minimize the blow of an attack. Evolving with the threat landscape is a positive tune, but one area to stay abreast of will be the cyber insurance market. Insurers are becoming more keen to underwriting policies for risky customers, and requirements for policy holders to be in compliance with good cyber hygiene are table stakes to qualify for coverage. We may also see policies become more anemic as insurers lessen the degree of risk they take on with customers. Gone are the days of full coverage policies with no semblance of best practice in place before insurers take on a client!

Legal and Policy: Similar to global logistics and shipping, this domain could easily have a forecast of it's own. But keeping it clear and concise I'll look to two specific areas.

• In 2024, look for massive pushes (and potentially execution) of regulation on the use of artificial intelligence and machine learning. Will AI be the boon everyone thinks it will? According to the desire to regulate by most governments...probably not as much as most think. The intersection of privacy and AI are like oil and water as we begin to see the risks that AI/ML present to individual users. This, paired with regulations like GDPR is a strong recipe for long term challenges. Of course, there are a myriad of other factors deciding the potential success (or demise) of AI in the real world, but time will tell (along with policy) on whether it revolutionizes technology, or fades away quietly (ahem, blockchain).
• On the opposite end of the spectrum comes environmental responsibility, more popularly known now as "sustainability." As COP28 wrapped with more advanced commitments around decarbonization and phasing out fossil fuels, participating governments are considering more formal regulation on green energy, energy efficiency, water use, and carbon reduction planning for corporations. The real question is whether infrastructure can keep pace with commitments. As global energy markets are already constrained, more renewable power is the keystone of a low, or no carbon future. Can projects come online soon enough to match demand? Time will tell, and 2024 and 2025 are key years in the race to the milestone year of 2030.

Wrap Up:

Even though I feel like I've only skimmed the surface on my thoughts exiting 2023, the risk landscape is very real, constantly evolving, and incredibly fluid. No longer does an organization need to be multinational to feel the immediate shocks and subsequent aftershocks of global risk and geopolitical tension in a world that constantly becomes more interconnected. All in all, coming into '24, watching the aforementioned industries and subdomains is sure to contribute a better informed way of risk based thinking.