YAVA at the World Economic Forum: Critical Infrastructure Is Still Undervalued as a Global Risk
- Jan 20
- 7 min read
Davos has a habit of turning the world’s anxieties into a neat list. Some of them are familiar: cyber risk, artificial intelligence, geopolitics, supply chains. Others are newer, or at least newly fashionable. Every January, the same conclusion returns in a slightly different suit: the next decade will be more volatile than the last.
All true.
Yet there is one category of risk that still sits too far down the agenda, despite being the one that can render most of the others irrelevant within minutes. It is not a new technology. It is not a novel ideology. It is not even, strictly speaking, a “future” risk.
It is the disruption of critical infrastructure — the systems that keep a country running when everything else is noisy, uncertain, or breaking.
The striking part is not that infrastructure disruption appears in global risk discussions; it does.
The striking part is how often it is treated as a secondary consequence, rather than the main event.
The World Economic Forum’s own commentary has pointed to this gap: disruptions to critical infrastructure ranked only 23rd over the next decade, which it described as a worrying mismatch given society’s dependence on these assets.
That is not a small oversight. It is a structural misunderstanding of how modern economies actually work.
Because when infrastructure fails, it does not fail politely.
It does not fail in theory, in a spreadsheet, or in the margins of a strategy paper. It fails in public. It fails in the national mood. It fails in the daily rhythm of a city, a border, a port, an airport, or an energy system. It is one of the few risks that can turn a manageable problem into a national incident before the first statement has been drafted.
And crucially, it does not need to be dramatic to be dangerous. It only needs to be sustained.
The risk everyone depends on, but nobody headlines
The modern state is, in practice, a web of systems: power generation and distribution, fuel supply, communications networks, ports and terminals, transport corridors, airports, water utilities, logistics hubs, and the data layers that sit across them.
These are not glamorous assets. They do not get the applause. But they form the backbone of everything else: commerce, mobility, emergency response, productivity, and the most basic social contract between government and citizen.
When these systems are resilient, a country absorbs shocks. When they are brittle, every shock becomes a crisis.
This is why the conversation about resilience needs to move beyond the technical and into the strategic. Cyber risk matters, of course it does. So does AI. So does disinformation. But it is critical infrastructure that provides the “real world layer” that those risks either exploit or depend upon.
A ransomware incident is serious.
A port shutdown is existential.
A disinformation campaign is destabilising.
A telecom outage is paralysing.
An AI-enabled threat may be sophisticated.
A fuel supply disruption is blunt — and it works anyway.
Infrastructure disruption has a habit of humiliating strategic language. It is a very practical kind of failure.
Resilience is not maintenance - it is national readiness
Part of the difficulty is that critical infrastructure is still too often discussed as though it were purely a facilities challenge: keep the lights on, keep the gates working, keep the systems patched, keep the maintenance schedule up to date.
Necessary, but insufficient.
Resilience is no longer a maintenance programme. It is a national readiness posture. It sits somewhere between security policy and economic continuity, and increasingly it behaves like both.
The World Economic Forum has warned that we are moving into what it describes as an “age of competition”, shaped by fragmentation and confrontation rather than the comfortable assumptions of the previous era.
In that environment, infrastructure is not simply an asset to be operated. It becomes a strategic capability to be protected.
A resilient port is national leverage.
A resilient airport is sovereign capacity.
A resilient power grid is political stability.
And the inverse matters just as much: fragile infrastructure creates opportunity for adversaries, for criminal groups, and for disruption events that do not need to be “successful” in a conventional sense. They only need to be inconvenient at scale. In the right context, inconvenience is enough.
The most common failure is not attack — it is fragility
If there is a theme emerging across markets, it is that critical infrastructure does not need an enemy to be at risk.
It needs time.
Much of the infrastructure supporting advanced economies is ageing. The WEF’s Global Risks Report 2026 notes that a significant proportion of critical infrastructure in OECD countries was built in the decades after the Second World War and will require meaningful upgrading, not incremental patchwork, if it is to remain dependable.
This is a point that is understood intellectually, then ignored operationally.
A country can live with ageing infrastructure for years. It can even normalise it. And then it discovers, abruptly, that the cost has simply been deferred rather than avoided. The bill arrives in disruption, not in budgets.
Which is why resilience needs to be treated as a long-term capability, not a one-off upgrade. It is not a project. It is an operating principle. It is the difference between service continuity and cascading failure.
The Ice Village: A reminder of what resilience actually looks like
The Ice Village at Davos is not just another venue; it is one of the places where the conversation shifts from abstract risk to applied reality.
Inside, sessions focus on the practical consequences of instability: geopolitical fragmentation, energy insecurity, supply chain disruption, cyber-physical threats, climate stress, and the growing gap between strategic intent and operational readiness. These are not theoretical discussions. They are grounded in recent events, near-misses, and systems that have already shown strain.
What is striking is not the novelty of the risks being discussed. It is how often the conversation returns to the same pressure point: when systems fail in the real world, the impact is immediate, compounding, and difficult to contain.
Across panels and closed-door sessions, a consistent theme emerges. Digital risk, AI, and cyber threats matter, but they become truly destabilising only when they intersect with physical infrastructure: energy networks, transport corridors, ports, airports, communications systems, and fuel supply chains.
This is where many global risk frameworks still fall short.
The language of resilience is well developed. The execution of resilience is not.
The Ice Village discussions reflect an implicit recognition that disruption does not need to be catastrophic to be strategic. It only needs to be persistent, poorly managed, or misaligned with governance and operational responsibility. In that context, infrastructure fragility is not a downstream effect of crisis; it is often the trigger.
What is missing in many of these conversations is not awareness, but follow-through: how strategies translate into integrated programmes that can be delivered, sustained, and operated under pressure.
That gap, between intent and execution, is where resilience either becomes real or remains rhetorical.
Where YAVA fits: closing the gap between intent and execution
At YAVA, our work is concerned with what happens after the strategy is approved and the press release has been drafted.
In other words, the hard part.
Infrastructure and security programmes rarely fail because the ambition was wrong. They fail because execution collapses under its own complexity. There are too many stakeholders. Too many competing incentives. Too many systems that do not speak to one another. Too many procurements that arrive as a collection of parts rather than an operational whole.
And too often, no genuine plan for sustainment — for training, governance, operational readiness, and the uncomfortable day-to-day realities of keeping a system running.
This is where resilience is either built properly or quietly abandoned.
YAVA supports governments and operators by securing and modernising infrastructure in a way that is designed for reality. That means programmes that can be delivered, integrated, operated, and maintained — not just purchased.
We have a simple view: modernisation without operational continuity is not progress. It is risk.
The Davos takeaway is straightforward
Critical infrastructure disruption is too low on the perceived risk agenda given how brutally it can reshape the real world.
When it happens, it does not behave like a footnote. It becomes the story.
And it has the peculiar ability to make every other strategic priority harder at once: public safety, commerce, governance, investment confidence, and, in the most serious cases, social stability.
If governments and operators are serious about resilience, then infrastructure protection must be treated as more than a technical requirement. It must be treated as the foundation of national capability and economic continuity.
Because when infrastructure fails, everything stops.
And in today’s environment, the difference between stopping briefly and stopping completely is the discipline of preparation.
Want more insights like this?
YAVA publishes a concise bi-weekly brief for government stakeholders, operators, and partners across Europe, the Middle East, Africa, and India — covering market movements, operational signals, and critical infrastructure priorities.
Comments