What does geopolitical instability mean for your cybersecurity?
Recent geopolitical developments such as the war in Ukraine and the tensions between the West and China are symptoms of increasing geopolitical competition between different blocs — especially in highly strategic sectors. This is driving higher cyber risk in strategic sectors such as energy, critical infrastructure, technology, telecommunications, and chemicals as well as the banking sector. As geopolitical tensions are expected to continue going forward, global cybercrime damage is expected[1] to hit $10.5 trillion annually by 2025.
Because organisations worldwide are relying on technology more and more, they need to raise their cyber awareness. But many large organisations aren’t taking cyber seriously. They’re not investing enough, not keeping up with technological change — or the ambitions and capabilities of cybercriminals. And the cyber talent shortage[2] further exposes companies to cyber threats.
Who are the main actors, and what are they doing?
The rising level of geopolitical competition is one reason cyber attacks will persist at elevated levels in 2023 and beyond. Since the start of the Russian war in Ukraine, there has been a 300%[3] increase in state-sponsored cyber attacks targeting users in NATO countries compared to levels in 2020. Cybercrime will remain an attractive geostrategic realm because it targets data and digital systems, offers a degree of anonymity or deniability, and does not have clear consequences or terms of engagement.
But there is only a relatively small number of governments that have significant cyber capabilities. Among the most cyber-capable governments[4], there is a high degree of coordination among those that are members of the Five Eyes[5] — Australia, Canada, New Zealand, the UK and the US — and, to a lesser degree, among those countries and France, Israel and Japan. In contrast, China, Iran, North Korea, Russia — representing 77%[6] of all cyberoperations since 2005 — and others will continue to operate more independently.
Governments are not the only cyber actors though. Cybercriminals and “hacktivists” will remain key players in cyberspace. These private groups will continue to be based in countries with advanced technological education, widespread internet access and limited economic opportunities — and often where populations have political disputes with great powers. There are many allegedly state-sponsored hackers whose mission is to target organisations in the West to disrupt operations, demand financial compensation or gain access to sensitive IP. The Code of Federal Regulations (CFR) found that in 2022, 55%[7] of state-sponsored cyber attacks were suspected to be sponsored by Russia and China. The risk of hacktivism is therefore likely to grow as the war in Ukraine and the West-China decoupling trend continue.
What are the risks?
In terms of threats, ransomware will remain the most common form of cyber attack. In part this is because cryptocurrencies offer a relatively secure way of collecting ransoms. The global cost of ransomware is predicted to rise from $20 billion in 2021 to approximately $265 billion annually by 2031[8]. Supply chain attacks — in which malware is distributed to a large number of organisations through a software application — will likely also be increasingly common, particularly as hacktivism continues to rise.
New tech is exposing organisations to more risk than ever before. The bigger the digital footprint, the more entry points open to cyber attack. Digitalisation – boosted by COVID-19 and AI innovation – is increasing stocks of sensitive data. The volume of data created and replicated globally is projected to experience a threefold increase[9] between 2022 and 2025.
Take the energy sector for example. New technology is being rolled out to enable the transition to renewables. Solar and wind farms are increasingly connected to “smarter” digital grids to help anticipate weather patterns and link demand with supply – and this means much more cyber risk exposure for our energy network.
One example of this vulnerability came in the first weeks of the Russian invasion, when a US satellite company’s ground infrastructure was attacked to disable internet access for many Ukrainians. But the company’s satellites also provided links to several thousand wind farms in Germany, which meant 11 GW of power couldn’t be operated.
This has made more organisations realise the reliance of their critical infrastructure on IT, software, and telecom networks. Similarly, manufacturing, mining, logistics and many other sectors are adopting IoT technology to drive efficiency in operations, opening up new attack vectors. Many industrial control systems are not designed to be connected, but are becoming more automated to enable remote maintenance and data collection. And when a machine, especially an older machine, is connected to the internet, cyber risk will only increase.
The adoption of current and future AI innovations will further increase companies’ cyber vulnerabilities by expanding the digital surface in which threat agents could act. Moreover, the integrity of AI toolsets is only as good as the data sets they use to provide answers. If data sets are compromised by a sophisticated threat actor, this will impact the integrity of the corresponding output which organisations may increasingly rely on for important business decisions.
Cyber needs to be on the board agenda more than ever
Cyber is often seen as a non-functional requirement – if it does not affect the bottom line, it is not a priority. Until the cyber risk materialises. And the risk of that happening in the next few years has greatly increased: It may be a large data breach or, even more worryingly, a major disruption to a critical service that society relies upon.
For large organisations, Boards need to be aware of both geopolitical risks and their link with cyber challenges, which requires board members who have knowledge and understanding of both topics and how they are interlinked.
The EU[10], US[11], UK[12], Australia[13], China[14], Japan[15] and other countries are refreshing their national cyber-strategies and will likely increase cybersecurity standards and disclosure requirements – organisations therefore may need to provide more detailed information including potentially naming the cyber representative on their boards to reassure investors.
Cyber attacks can significantly disrupt business, and other impacts include loss of customer trust, operational disruption and financial impacts from recovery costs or subsequent regulatory fines. So, any move to strengthen cybersecurity is a step in the right direction, with one caveat – while CEOs can hand over operational responsibility to CISOs, they can’t pass on accountability for any cyber breach.
Questions to ask yourself:
To respond to the current geopolitical tensions, organisations need a geostrategy, as well as a comprehensive cybersecurity strategy. This must include a multi-layer approach combining robust defence mechanisms with an incident response and recovery plan.
The views reflected in this article are the views of the authors and do not necessarily reflect the views of the global EY organisation or its member firms.
[8] https://cybersecurityventures.com/top-5-cybersecurity-facts-figures-predictions-and-statistics-for-2021-to-2025/
[9] https://www.cio.com/article/191539/rethinking-data-management-for-faster-time-to-value.html#:~:text=According%20to%20analyst%20firm%20IDC%27s,reach%20180%20zettabytes%20by%202025
[11] https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/cyber-incident-reporting-critical-infrastructure-act-2022-circia
[12] https://www.gov.uk/government/news/cyber-laws-updated-to-boost-uks-resilience-against-online-attacks
[13] https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/2023-2030-australian-cyber-security-strategy