Cybersecurity

Cybersecurity needs a holistic approach. Here are three ways to build protection

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. The Financial Times' website and Twitter feeds were hacked May 17, 2013, renewing questions about whether the popular social media service has done enough to tighten security as cyber-attacks on the news media intensify. The attack is the latest in which hackers commandeered the Twitter account of a prominent news organization to push their agenda. Twitter's 200 million users worldwide send out more than 400 million tweets a day, making it a potent distributor of news. REUTERS/Pawel Kopczynski   (GERMANY - Tags: CRIME LAW SCIENCE TECHNOLOGY) - BM2E95L11MP01

As the internet evolves, the nature of cyber risks are fundamentally changing Image: REUTERS/Pawel Kopczynski

Paige Adams
Group Chief Information Security Officer, Zurich Insurance Group

I believe that confidence is key to getting the most from our digital world. This confidence is dependent on cybersecurity and data stewardship. That’s why, at Zurich, we look at cyber risk mitigation strategically and apply a holistic, proactive and preventative approach to cyber risk management. This is the case at all levels, from operations to strategy. We use this approach for ourselves, our customers and for wider society.

I also believe that, in order to fully leverage the benefits of the internet and the digital economy, the private and public sectors must work together to gain an in-depth understanding of the nature and evolution of underlying risks. As the internet evolves, the nature of cyber risks are fundamentally changing.

Governments, the private sector and civil society must work together closely in a multi-stakeholder approach to protect the integrity and reliability of cyberspace. This is why I am excited by the prospects of the World Economic Forum’s Centre for Cybersecurity. The better we become at working together to address problems and understand dependencies, the more secure cyberspace will be.

Currently, the overall cybersecurity and safety landscape bears similarity to the early days of aviation - dangerous, with a lot of error. Now, aviation is very safe. For cybersecurity, we have not yet achieved that level of safety. However, it’s important to remember that what got the aviation industry to a safer level was standards - global standards. This is why the work of the Forum and other international organizations is so important. We need real, meaningful agreements around information sharing, incident reporting and other issues in order to understand the risk, and in order for insurance carriers and other stakeholders to be able to play their part in mitigating it.

In addition, the development of practices that foster security-by-design or security-by-default are likely to emerge as industry standards in response to increased threats. I believe this presents a great opportunity for the Forum’s Centre for Cybersecurity to consider ways to take a leadership role in gathering and promoting security-by-design principles, best practices and security reference architectures, helping shape their direction, rather than waiting for standards to emerge on their own.

Have you read?

As Chief Information Security Officer for the Zurich Insurance Group, my team and I obviously have an important role to play, but within any organization, cybersecurity must be everyone’s job. While cyber strategy must be determined at the oversight board level, it should definitely not stop there. In order to be effective, it must be embraced by the entire organization, its systems, its supply chains and its workforce.

There are several ways in which companies can think about protection against this increased risk:

1. Build a culture of awareness

Cyber risks are no longer just an IT concern, nor are they limited to certain sectors of an organization. Every employee, from the boardroom to the mailroom, plays an important role in keeping an organization cyber secure, and understanding their responsibilities for holding data securely.

2. Adopt a mindset of cyber resilience

With reputational risk, economic losses and legal consequences on the line, it is crucial for companies to create and implement an incident response plan in the event that a cyber incident occurs. Responding quickly and effectively will not only mitigate these risks, but also ensure a successful recovery.

3. Practice, practice, practice

While practice may not always make perfect, it can be pivotal when responding to a cyber incident. Just having an incident response plan in place is not enough - it’s imperative that the plan be practiced and updated on a regular basis, adjusting as needed for different scenarios and variations of cyber threats.

I’m proud to work for an organization that is very engaged in taking a leading role in public-private collaboration on cybersecurity. Our recent endorsement of the Paris Call for Trust and Cybersecurity in the Cyberspace, as well as our announcement as a partner of the World Economic Forum’s Centre for Cybersecurity, are just the latest proof-points of this growing commitment.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybercrime

Share:
The Big Picture
Explore and monitor how Insurance is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

5 ways to achieve effective cyber resilience

Filipe Beato and Jamie Saunders

November 21, 2024

We asked 6 tech strategy leaders how they're promoting security and reliability. Here's what they said

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum