Anyone in information technology knows that cyberattacks represent a massive risk for enterprises. But how big?

According to a new report, cyberattacks are the third-highest risk to the world economy behind extreme weather conditions and natural disasters. The claim comes from the World Economic Forum’s Global Risk Report 2018, which compiles data from experts to assess where governments, in particular, should focus their efforts to stem off potential threats in the year ahead.

This was the first time cyberattacks were included since 2014. The report cites ransomware, particularly two major attacks in 2017 — WannaCry and NotPetya — as harbingers of worse things to come.

“In a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning,” the report notes.

Discussing the findings in the report for enterprises, Brian Vecci, technical evangelist at Varonis Systems Inc. told SiliconANGLE that 2017 was the year that data breaches joined the ranks of extraordinary disasters and became a cost of doing business, and companies need to control that cost just like any other.

“Data breaches have become commonplace and are increasing the return on investment of protecting it,” Vecci said. “Companies know what the cost and the impact of unsecured data will be on their business because they can’t pretend the costs aren’t there any longer. Recovery costs, ransom demands and lost brand equity and goodwill are going up, not down, and are getting easier to calculate.”

Vecci believes that the increased risks are the result of companies not upholding their own data standards particularly in regards to file security, an issue he said has been ignored for years.

“There’s been an inflection point with file security where the cost and risk of the attack is lower than the reward,” Vecci said. “When you have broken security, the cost of attacking a company’s data is now lower than the benefits gained and the money an attacker will get doing it.”

On ransomware in particular, Vecci said that “it’s really easy for attackers to get into a company’s network, lock down exposed data and then get paid anonymously through cryptocurrency, and the tools and techniques are there for anyone to use. You can be a kid in an internet café — it doesn’t take a black hat hacker who’s an expert honing his craft. It’s become so easy that the flaws in a company’s security have gone from minor inconveniences to glaring, potentially devastating holes in a very short period of time.”

Image: WEF