Nations' reliance on the internet and connected services means the potential damage from cyber-attacks is one of the biggest risks facing the world today, according to a report from the World Economic Forum (WEF).
The threat of cyber-attacks and cyberwarfare sits behind only extreme weather events and natural disasters in terms of events likely to cause disruption in the next five years, according to the WEF's Global Risks Report 2018. The WEF is an international body which brings together business, political, academic, and other leaders to help shape the global agenda.
The report highlights ransomware in particular as a cyber-threat, and says that 64 percent of all malicious phishing emails sent during 2017 contained file-encrypting malware.
But that's relatively low-level compared with what could be achieved should cyber-attackers -- whether backed by a nation or an organised criminal gang -- focus more of their attention on industry and critical infrastructure.
"In a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning," warns the report.
"Cybercriminals have an exponentially increasing number of potential targets, because the use of cloud services continues to accelerate and the Internet of Things is expected to expand from an estimated 8.4 billion devices in 2017 to a projected 20.4 billion in 2020," says the report, adding: "What would once have been considered large-scale cyberattacks are now becoming normal."
Most attacks on critical and strategic systems have yet to succeed, but the WEF says the growing number of attempted attacks suggests the risks are increasing, especially as the interconnected nature of the world means attacks can cause "irreversible" systemic shocks.
While the report says approaches to cyber-risk are improving, it argues that much more needs to be done to protect organisations -- and society as a whole -- from attacks.
"Geopolitical friction is contributing to a surge in the scale and sophistication of cyberattacks. At the same time cyber exposure is growing as firms are becoming more dependent on technology," said John Drzik, president of global risk and digital at Marsh.
"While cyber risk management is improving, business and government need to invest far more in resilience efforts if we are to prevent the same bulging 'protection' gap between economic and insured losses that we see for natural catastrophes," he added.
Looking to the future, the report warns about the possibility of 'war without rules' if state-on-state conflict escalates unpredictably due to the absence of cyberwarfare rules -- potentially leading to miscalculations and a fog of uncertainty which could lead to attacks and retaliations that spread and cause damage to unintended targets.