WEF Highlights Urgency For Global Rules to Fight Cybercrime

Cybercrime, including recovery and remediation, has become a multi-trillion-dollar global industry that, if gone unchecked, is expected to incur US$10.5 trillion in annual losses by 2025, according to Cybersecurity Ventures. Despite the proliferation of these so-called advanced persistent threats (APT), there is a consequential absence of global norms, standards and rules to mitigate and prevent cybercrime, underlines the World Economic Forum (WEF).

“Cybercriminals operate internationally, and we need international rules in order to crack down on them,” writes the WEF. 

Cybersecurity threats are increasingly sophisticated as they are pervasive, indiscriminately targeting individuals, critical infrastructure and nation states, which risk deepening geopolitical tensions, according to the 2023 Global Risk Report. A challenge further compounded by a limited pool of security experts, scant incident reporting and lack of global agreements concerning the regulation of cyberthreats. This essentially leaves individual nation-states attempting to combat invisible, multipolar non-state actors with limited visibility and intelligence. 

At the heart of this problem is that, in their majority, public authorities, corporations and civil society groups are not mandated by law to report incidents of data breaches and cybertheft. Although abstaining from reporting incidents is often practiced to protect social capital, it obscures the true depth and scale of the issue necessary to understand and counteract it. The only two countries to count with such compliance mandates are the US and the EU; however, the language is limited to specific industries and critical infrastructure providers. 

While the WEF offers the UN’s 2019 Cybercrime Treaty as a framework to build global cybersecurity norms, fragmented geopolitical interests among the permanent security council members are expected to delay the ratification of the final document and its agency. Currently, negotiations are still ongoing with many questions and sweeping concepts still unanswered, including establishing intent and mechanisms for enforcement. which if not carefully curated could, “also serve as a vehicle for countries to criminally prosecute security researchers, technology companies and others for activities that are essential to the overall security of our global digital community,” according to Just Security Forum. 

More likely to be successful, at least in the short-term, are regional bilateral agreements such as the Mexico-US Working Group on Cyber Issues, which aims to “build a more secure, resilient region and expand collaboration to address shared threats in cyberspace.” This has been preceded and followed by other countries that have sought to augment their security postures through bilateral and multilateral agreements.