The spreading of false information is the greatest risk facing the world over the next two years, according to the World Economic Forum’s Global Risks Report 2024.

Disinformation has come to the fore because of the increased ability of AI to proliferate and disseminate it, together with the high number of elections taking place in 2024.

While this is first and foremost a threat to governments and the institutions that support civil society, there is also a significant risk that companies themselves could fall foul of disinformation attacks, says Paul O’Rourke, BCG’s managing director and partner who leads the Cybersecurity and Digital Risk Practice.

More on Cybersecurity

More on Cybersecurity

Cybersecurity and Digital Risk

BCG's cybersecurity consulting combines business expertise, a strategic mindset, use of proprietary tools, and deep knowledge of cyber technologies.

Build-Operate-Transfer

BCG's Build-Operate-Transfer model helps companies seamlessly connect their people and technology, build their capabilities, and drive their digital transformation.

The So What

In addition to possible political unrest, the dangers to brands include:

• Reputational risk of deepfake videos.
• Financial losses through scams or relying on wrong information.
• Stock market implications of false information being circulated to investors.
• The erosion of trust with customers or other partners, and potential customer churn.

“There is a perfect storm of ingredients that has exacerbated the speed and exchange of information, while also making it more difficult to discern what is legitimate,” explains O’Rourke.

“Companies risk losing the confidence of customers, business partners or investors if they fall victim to an attack. There are also serious financial consequences if they have relied on erroneous information to make significant decisions.”

Now What

Companies can work alongside governments, regulators and leaders from all sections of society to seek solutions and rebuild trust. According to O’Rourke, companies should:

• Take a structured approach to planning future scenarios, anticipating what bad actors could do next. “When it comes to cybersecurity, the hacker community has always been faster than the solutions community. Brands should learn from the lessons of their cyber teams, and proactively anticipate what could happen rather than playing catch up,” O’Rourke says.
• Ask challenging questions about information which is being used for significant decision making. Place a particular focus on financial data decision and reporting, which is a core focus for fraud. Additional controls around cyber fraud detection is required.
• Make sure employees are informed, savvy and alert. Employees need educating about the higher quality of contemporary disinformation, and have a clear process for flagging anything which appears suspicious. This also involves creating a culture where people feel empowered to speak up.
• Establish the mechanisms, roles and escalation paths to provide oversight. One way of doing this would be to form a responsible AI council with leaders—from chief risk officers to social media directors— who have an integrated approach to addressing the risk.