This is venture capital’s key role in driving global cyber resilience
Venture capital firms can encourage startups to prioritize cyber resilience. Image: Unsplash/Shekai
Sameer Kenkare
Head, Corporate Venture Capital and Innovation, Startup Business Development, Amazon Web Services- While innovation such as generative artificial intelligence (AI) sees massive investment, critical areas such as machine learning and operational technology security remain underfunded, exposing key sectors to cyber threats.
- Venture capitalists (VCs) can drive cyber resilience by balancing investments in innovation with corresponding security needs, ensuring startups prioritize strong security infrastructures.
- VCs must promote a culture of cyber resilience in board discussions, make security a key investment criterion and facilitate knowledge sharing among portfolio companies.
Only recently did a CrowdStrike software update send shockwaves through the global economy as 8.5 million Windows devices crashed worldwide, disrupting thousands of flights, major healthcare organizations and large banks. The incident underscores the urgent need for robust cyber resilience in today’s increasingly interconnected global digital infrastructure.
While the outage was due to human error, one critical issue still stands out: attackers can and do exploit faulty updates. This outage resulted in a significant economic disruption, with estimated losses amounting to $5.4 billion while highlighting the wide-ranging consequences of cyber threats.
In recent years, attackers have exploited several vulnerabilities to severely impact critical infrastructure operations. The attack on JBS Foods threatened food security, while attacks on the energy sector like the Colonial Pipeline and Kudankulam Nuclear Power Plant Attacks can lead to major economic disruptions.
On the other hand, the major healthcare disruption caused by the Change Healthcare breach was due to a lack of implementation of foundational security.
With the financial toll of cybersecurity incidents expected to reach $10.5 trillion by 2025, the need for robust cyber resilience has never been more urgent. This resilience can be best achieved by addressing gaps in emerging and niche technologies, such as machine learning security and operational technology security, which are often underinvested in and diversifying technology stacks to eliminate single points of failure.
In recent years, many security executives have aimed to consolidate their technology solutions following the rapid spending increase during the 2020 shift to remote work. While this consolidation can result in cost savings, it often reduces technological diversification, creating an over-reliance on large platform solutions that increase the risk of widespread outages affecting the cyber resilience of organizations and the global economy.
The role of venture capital in cyber resilience
VC firms are uniquely positioned to drive innovation, leading to technology diversification and enhanced cyber resilience. VCs play a pivotal role in fostering innovation by validating high-risk ideas and providing the necessary capital to transform concepts into realities.
With the rapid advancement of technologies such as generative AI (GenAI) and quantum computing, the need for innovation in cybersecurity is more critical than ever. These new technologies provide attackers with unprecedented speed and power to exploit vulnerabilities.
While speed is essential for capital growth, resilient organizations generate 50% higher shareholder returns than less resilient peers.
Despite the flourishing venture funding for cybersecurity startups, which saw $4.4 billion invested in the second quarter of 2024, the distribution of this capital has been uneven. Investments have primarily followed major trends such as cloud security, identity management, network security, zero trust, developer security tools and even quantum-safe solutions.
Meanwhile, critical areas such as operational technology security, subject matter expert-focused solutions, behavioural analytics, machine learning security and cybersecurity training remain underfunded.
To highlight this disparity, consider the massive investments in GenAI.
GenAI funding topped $21.8 billion across 426 deals in 2023, compared with machine learning security startups that raised $213 million across 23 deals in the same period. Securing GenAI applications and the large language models that power them will become critical to protecting companies from adversarial attacks, data poisoning (specifically training data), model evasion and jailbreaking, prompt injections and other cyber attacks.
A notable example was when Samsung uncovered employees disclosing meeting notes and proprietary code to OpenAI’s ChatGPT.
Similar trends exist across other areas of cybersecurity. Today, millions of devices, including phones, computers, vehicles, medical devices and those in factories, are continuously collecting, analyzing and transmitting data.
This connected ecosystem and the real-world data gathered from sensors used across industries is often described as the “trillion sensor economy.” Operational technology security is essential to protect these physical devices and is significantly underinvested in creating layers of vulnerabilities as the physical technology evolves.
Underfunded areas of cybersecurity have cascading impacts on society and the economy.
How VCs can drive cyber resiliency
To effectively drive global cyber resilience, VCs should help organizations leverage technology to propel growth while being prepared to withstand cyber threats. For that, VCs should focus on three key areas:
1. Balance investments between innovation and security
Balancing investments between cutting-edge technologies and their corresponding security needs is vital for fostering a more secure digital landscape. As VCs navigate the rapidly evolving technology landscape, ensuring that investments in innovative solutions are matched by adequate funding for their security is crucial.
For instance, there is a significant imbalance in funding between innovative technologies (like GenAI) and their corresponding measure to secure AI, suggesting that we are advancing faster than our ability to protect ourselves.
2. Emphasize cybersecurity as a core investment criterion
Evaluating potential portfolio companies based on their cybersecurity, business models, and growth potential is now more critical than ever.
To avoid investing in vulnerable startups, VCs should consider ensuring that startups have a robust security architecture, evaluating whether companies have comprehensive incident response and recovery plans and encouraging startups to adhere to industry regulations and standards.
Cybersecurity should be key to VCs’ investment decision-making and due diligence process.
3. Promote a culture of cyber resilience in board discussions
Encouraging portfolio companies to foster a culture of cyber resilience is vital. As advisors, fostering a security-first mindset in product design, operation and maintenance from the outset reduces the need for costly security migrations later on and lessens the dependency on specialized resources.
Gaining startup leadership’s active involvement in cybersecurity across functions, including training and awareness for all employees, is critical. Furthermore, VCs can facilitate partnerships between portfolio companies to share threat intelligence and best practices among companies, enhancing collective defense mechanisms.
In sum, robust cyber resilience is imperative in today’s interconnected digital landscape. As cyber threats escalate and evolve, VCs can drive meaningful change by prioritizing security alongside innovation. This proactive approach not only safeguards their investments but also contributes to higher shareholder value and a more secure future for all.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Cybersecurity
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.
More on CybersecuritySee all
Rob Rashotte
October 30, 2024