Forum Institutional

How to prioritize resilience in the face of cyber-attacks

Black and glowing red laptop keyboard representing cybersecurity threat

The majority of cyber experts expect a catastrophic cybersecurity event within the next two years. Image: Daniel Josef

Akshay Joshi
Head, Centre for Cybersecurity, World Economic Forum
This article is part of: World Economic Forum Annual Meeting
  • New technologies are evolving quickly creating new cybersecurity vulnerabilities.
  • Businesses can do more to increase their resiliency, including improving cyber literacy.
  • The focus on geopolitics and third-party risk offers an entry point for a wider conversation about cyber risk.

For organizations large and small, neglecting cybersecurity is increasingly untenable.

The Global Cyber Outlook 2023, released this week at the World Economic Forum’s Annual Meeting in Davos, Switzerland, found that geopolitical and economic uncertainty around the world is exacerbating the threat of potentially catastrophic cyber-attacks, increasing the risk for businesses across sectors.

While progress has been made in bolstering cybersecurity awareness and preparation, there is more that businesses can do to increase resiliency, including improving cyber literacy, communication and information sharing.

Have you read?

Geopolitical risk increases cyber threat

In the past year, geopolitical risk roared back to the centre of world affairs, upending supply chains and disrupting major industries ranging from energy to food commodities. New technologies are also evolving quickly, and with these come new vulnerabilities, which attackers – some of whom have strong geopolitical motives – are often swift to exploit.

In fact, the new outlook found that 93% of cybersecurity executives and 86% of their business counterparts view the risk of a catastrophic cyber event occurring within the next two years as either ‘high’ or ‘moderately high’. Such events could include, for example, a crippling ransomware attack or a breach of sensitive consumer data – either of which would cause large-scale disruption and be costly reputationally and financially.

As the report notes, increased risk has already prompted 50% of respondents to reevaluate the countries in which they do business, while others fear business disruption and reputational damage as a result of geopolitical-related cyber-attacks.

Interconnected operations pose new risks

The fear of a major attack also, in part, reflects the interconnected nature of operations today. Digital transformation is creating technological interdependencies, the size and nature of which have often yet to be fully understood.

Increasingly, consumer data and technology is shared across supply chains, which means that a cybersecurity event can quickly ‘cascade’ from one organization to another, as well as across borders.

Awareness and the fear of third-party risk has increased rapidly in the past year. A total of 90% of respondents voiced concern about the cyber resilience of third parties, particularly those that have direct connections with, or process, organizations’ data.

As a result, the report reveals that leaders are strengthening controls for third-party access to their organizations (73%) or data (66%), and decision-makers are working to mitigate cyber risk. Notably, business and security executives ranked their highest priority as incorporating cyber resilience into business strategy.

Discover

How is the Forum tackling global cybersecurity challenges?

Information sharing is improving but ...

Encouragingly, the tech versus non-tech dynamic that dominated boardrooms for several years is changing. There is an increasing meeting of minds and an improving awareness – particularly on the part of boards – not only about what cyber risks are, but their role in addressing them. Boards are more likely to think about cyber risks and listen to their cyber experts, the report revealing that 56% of security leaders meet with their board at least once a month.

Where there remains a problem is with business leaders clearly articulating the risk that cyber issues pose to their organization. This in turn, makes it harder to agree on how best to address the risk. As the report suggests, cyber experts should present security issues in terms that board-level executives can readily understand and act on, while business leaders should accept greater accountability for overall cyber capacity.

... skilled recruitment remains a problem

Moreover, finding the right types of people to identify, assess and manage cyber risk as well as deal with a major cyber event is important. To do so, however, the long-running technology talent shortage needs to be addressed.

As the situation stands, 64% of cyber leaders and 59% of their business counterparts, rank talent recruitment and retention as a key challenge when it comes to managing cyber risk. Worryingly, fewer than half of the survey’s respondents reported having the right people with the right skills to respond to cyber-attacks.

Fortunately, a shared understanding of this problem has grown in recent years, making it more likely that the necessary talent recruitment programmes will be developed. This will help create a larger, more inclusive pool of diverse talent, including individuals with crisis management skills as well as an ability to think about problems creatively and differently. It will also help dispel the misconception that cybersecurity is highly technical, which is not always the case.

Loading...

The report also highlights that business leaders (76%) and cyber executives (70%) are increasingly likely to view data privacy laws and cybersecurity regulations as an effective tool for reducing cyber risk. Compliance can pose challenges, but at the same time, regulation – along with the added pressure of shareholder expectations – is incentivizing cyber security action.

This is positive because to create a security-focused culture, organizations need to find both a common language and metrics that will turn cybersecurity information into something that can be readily measured and analysed.

There is still, however, work to be done in developing clear regulations about what needs to be reported, and when, in the event of a breach. Horizontal (the same level throughout an organization) cyber information sharing has grown and is typically prioritized over its vertical (through all levels) counterpart. Here the report points to the need to embed cyber risk management – and best practice – vertically, suggesting that frequent, meaningful discussions can improve clarity and understanding.

The current focus on geopolitics and third-party risk offers an entry point for a wider conversation about cyber risk. The situation is improving, but insufficiently swiftly for most organizations and businesses to be confident that they are equipped to address a major cyber event. Resilience and preparation should be at the centre of strategy.

To achieve this, cybersecurity experts need to improve how they deliver their messages and data, while leaders must better judge what cyber risk means for corporate governance and investment decisions.

This article originally appeared on Arab News.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Tech and Innovation

Share:
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

What is the gig economy and what's the deal for gig workers?

Emma Charlton

November 22, 2024

Forum Stories: A new home for ideas, solutions and analysis on the world's biggest issues

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum