In a world that is increasingly digitally connected — yet ideologically splintered — geopolitical turmoil can spread in real time via the internet, worrying both global businesses and investors alike. This interconnectivity is putting key infrastructure at risk of cyberattacks perpetrated by nation-states, politically or ideologically motivated hacktivists and terrorist organizations.
“Geopolitical risks and threats are extremely important today and we believe they will remain important for years to come,” said David Burg, PwC’s Global Cybersecurity and Privacy Advisory Leader. “Smart companies must be aware of geopolitical threats as they make decisions about how to minimize cybersecurity risks, or accept the risks of doing business in a particular part of the world. Responsible companies are investing the time to study this issue and then designing programs that are fit for purpose to address today’s very real risks.”
Business leaders have good cause for concern. State-sponsored cyberattacks have more than doubled over the past three years, while incidents perpetrated by activists and hacktivists increased 83%, according to findings from The Global State of Information Security® Survey 2017. While less prevalent, security incidents attributed to terrorists climbed 24% over the past three years.
Managing this matrix of threats is an enormously complicated proposition, however, because cyberattacks are often intangible in nature and political turmoil can be difficult to predict.
“It’s absolutely essential that businesses bring geopolitical threats into their risk-management program and, when necessary, put them on the CEO and Board agenda.”
Geopolitical events are notoriously difficult, if not impossible, to forecast, particularly in turbulent geographies and governments. This underscores the need for business leaders to develop resilience — the capability to bounce back from events such as cyberattacks.
Resilient organizations align risk management with strategic planning, establish clearly defined and automated security processes for information technology and use analytics to predict and rapidly respond to attacks. They also develop strategies for business continuity, succession planning, strategic alignment and data analytics. Further, business leaders should identify known geopolitical threats and treat them as enterprise-wide business risks, just as they would more tangible issues such as financial instability.