At the advent of the fourth industrial revolution, while we are seeking to reap its many potential benefits, we must simultaneously be aware of the considerable risks that are likely to emerge as transformative technologies are assimilated across processes and functions of industry, government and broader society.
One of the key challenges that we must overcome to effectively embrace this new digital ecosystem are cyber attacks, which can cause the breakdown of our information infrastructure.
The WEF’s recently published Future Series report, Cybersecurity, emerging technology and systemic risk, paints a vivid picture of the unfolding cyber risks resulting from the complexity, speed and scale of today’s fourth industrial revolution technologies.
It becomes clear that internet-connected systems and devices have created an interdependent, global digital ecosystem, resulting in a wider ‘attack surface,’ and a greater scale of harm from a successful cyber attack. Many of KPMG firms’ insurance clients have been pondering exactly this issue.
Meanwhile, the rapid growth of artificial intelligence (AI) raises questions about the ways the underlying algorithms are designed and used, and the scope for adversarial manipulation and a very different style of cyber attacks.
All of this speaks to the importance of the security and technology communities coming together with national and international government bodies to guide the way ahead. Policy frameworks which mitigate the risks, but without hindering the vast promise of emerging technologies. A basis for creating trust in the building blocks of our future world.
Since sharing our perspectives on this topic one year ago, it’s worth noting how COVID-19 has influenced our cyber security landscape. The pandemic has accelerated the adoption of digital and cloud technologies in both the private and public sectors, and clearly those technologies have become vital to our society.
However, this rush to embrace digital tools has also heightened our dependence on Internet-connected technologies, and cyber criminals have subsequently augmented their own efforts to exploit that dependence. Thus, during the year, we witnessed a steady stream of high profile cyber attacks on private enterprise, government and social media platforms.
Despite the potential vulnerabilities inherent in our digital ecosystem, it’s also very encouraging to observe the pace at which robust digital infrastructure was rolled out during difficult times.
Even more heartening was the collaboration amongst business, technology and security teams working to safeguard these rapidly deployed services. It reiterates that these often-siloed parties need to work together effectively to introduce secure innovation at market speed.
The pandemic has also raised awareness among political and business leaders of the global interdependence of many critical functions and the nature of cross-border supply chains. So, we’ve continued to see progress by both national and regional authorities, despite the understandable focus on countering COVID-19.
Last year the G20 Digital Economy Ministers committed to the G20 AI Principles and discussed strategies to advance security of the digital economy including reducing systemic risk. The European Commission set out their new EU Cyber Security Strategy, with a collective approach to protect essential services from attack while encouraging co-operation across borders.
The WEF itself is playing a leading role in guiding the debate among diverse stakeholder groups, and its recent report highlights three priority areas: multilateral action to address systemic risks through global principles and standards; industry efforts to overcome gaps in existing operational cyber security approaches; and, a push by business leaders on strategic planning to address emerging risks to their critical infrastructures.
Each of these themes is essential, and increasingly urgent. For example, there’s much to be done to establish core guidelines for the foundations of our future world in areas such as connected infrastructure and digital identity management. Since every nation is struggling with these issues, we need to work together to create solutions which scale beyond individual countries.
Similarly, there remains a sizable body of work to develop the capabilities to successfully secure AI. This requires technical skill sets very different to classic cyber security skills: a whole new discipline which is a hybrid of data science, security, privacy and ethics expertise.
And of course, we must build the regulatory capabilities and frameworks best suited to Industry 4.0 and a new industrial revolution, exploring which market interventions will drive the right behavior. Should we focus on mandatory regulation of suppliers, on voluntary product certification regimes, on consumer protection measures, a legal structure which assigns liability or an indirect mechanism such as compulsory insurance. Fortunately, cross-border regulatory cooperation is increasing, with a growing base of academic research to support effective policymaking.
Industry action is also critical to build a solid foundation of digital trust among customers and other users of these technologies. New technologies bring fears and concerns, only too well illustrated through the unfounded concerns over the links between COVID-19 and 5G. The public have every right to expect a growing level of protection, reliability, transparency and oversight as these technologies exert an ever-greater influence on our daily lives.
If history has taught us anything about industrial revolutions of the past, it’s that they are not just about unbridled adoption of technology. To succeed they must also foster public trust.
These imperatives may appear daunting at this early stage in the journey; however, we can take heart in the headway made during the past year. There are signs that governments and industry are coming to terms with the need for constructive dialog, the regulatory frameworks are maturing and the need for international co-operation is being recognized.