4 ways to advance equity in cyberspace

The gap between organizations that are cyber resilient and those that aren't is growing. The World Economic Forum’s Global Cybersecurity Outlook 2024 found a 30% drop in the number of organizations that maintain minimum viable cyber resilience.

Latin America and Africa report the highest number of organizations without sufficient cyber resilience, while North America and Europe report the lowest. But the risks associated with this growing technological divide pose a threat to the entire ecosystem and disproportionately impact those that are already vulnerable.

Working to close this gap was the key topic of discussion at the Forum's Annual Meeting on Cybersecurity, which convened more than 150 cybersecurity leaders from business, government, international organizations, civil society and academia at its Geneva headquarters.

Here are four ways to advance equity in cyberspace.

Cyber resilience is business resilience. It measures an organization’s ability to minimize the impact of significant cyber incidents on its primary goals and objectives.

Addressing emerging and evolving cyber threats and achieving cyber resilience requires a risk-based approach that includes elements of secure-by-design but also addressing basic cyber hygiene throughout the ecosystem.

We explain how organizations now need to take a holistic view of cyber resilience in the Forum's Unpacking Cyber Resilience white paper, with the University of Oxford, which was published alongside the Annual Meeting on Cybersecurity.

Supply chains have become more complicated than ever with the wide and in-depth dependency on software services. Organizations are challenged in maintaining sufficient visibility of the dependencies on which their software is developed, which needs strong vendor management practices and robust approaches to risk assessment.

Establishing a strong cyber resilience culture within organizations and ecosystems involves linking cyber risks to intrinsic risks. Investing in cyber resilience reduces the economic costs of cyber incidents, while contributing to improvement in an organization’s reputation.

Trust building happens at every stage of an incident – including years before. In times of crisis, existing relationships with stakeholders at every level is necessary. Building trust through advancing organization’s resilience should be a strategic priority for organizations to prevent and navigate cybersecurity incidents.

Cybersecurity is gaining visibility on the global stage but has yet to take a central role in economic discussions. This is partly because decision-makers often have difficulties connecting cyber threats with their tangible business impacts.

More effort needs to be put into understanding the economics of cybersecurity as growth and prosperity are closely linked to cybersecurity and stability of the economy.

Cyber leaders at the Annual Meeting reinforced the strategic importance of cybersecurity to address systemic cyber inequity. The current cybersecurity environment is marked by growing cyber inequity despite a significant increase in investments in building cyber resilience. These growing gaps in cybersecurity threaten the whole ecosystem.

Smaller institutions and sectors such as NGOs and hospitals are particularly vulnerable due to insufficient cybersecurity investment and expertise. Moreover, the impact on small and medium-sized enterprises (SMEs) can be particularly severe, with 60% of SMEs that fall victim to a cyberattack closing down within six months, the white paper on cyber resilience finds.

Regulatory measures can compel organizations to meet minimum cybersecurity standards and allocate necessary resources to protect against cyber threats.

Above all, baseline cybersecurity for all is crucial. This can be achieved through establishing and enforcing minimum cybersecurity standards tailored to sectors and organization sizes. This can further be supported by affordable solutions and tied to insurance eligibility to ensure widespread adoption.

Proactive leadership to develop a global architecture of security and enhance information sharing is pressing, especially as attacks rise in frequency, sophistication and complexity.

There’s a need for systemic approaches; trusted information sharing is critical, especially when cybercrime is borderless and a very complex transnational crime. A new approach to regional cooperation is required as immediate exchanges of national intelligence are necessary.

We explore the 'how' and 'why' of successful partnerships between industry experts and the public sector in Disrupting Cybercrime Networks: A Collaboration Framework, with case studies such as Operation Cronos, that took down LockBit in February 2024.

Sovereignty in cyberspace is a topic that provokes different views and interpretations on the agency of national governments - there is a need for respect for national boundaries while also assuring interoperability. The challenge lies in fostering collaboration and interoperability while respecting the unique cybersecurity policies and governance models of individual nations.

It is important to foster a collaborative approach, avoiding an "us versus them" mentality. Emphasizing cooperation and shared goals can promote more effective problem-solving and mutual understanding between stakeholders.

Evolution of cyber calls for a more diverse and inclusive workforce with interdisciplinary skills, capable of addressing complex and emerging technological threats with critical thinking and creativity.

With technological innovations like AI and quantum computing on the horizon, there's an urgency to adapt and prepare for a future that is rapidly shifting the cyber threat landscape. This involves tackling the speed of AI evolution and its cross-sectoral challenges, understanding the blurred lines between different threat actors and addressing cybersecurity skills gaps. Organizations must plan strategically, as opposed to reacting hastily, amid these advancements.

The utilization of AI in cybersecurity is dynamic, with the potential to shift the balance of power between defenders and attackers over time. Currently, AI may provide a home-field advantage to defenders by enabling faster threat detection and response. However, this advantage could be short-lived, as attackers may harness AI to automate and execute sophisticated attacks that were previously reliant on human expertise. To maintain their edge in this evolving cyber arms race, defenders must continually refine their strategies and tools.

It is imperative to ensure that decisions on AI adoption are carefully analyzed for risk-reward balance within the specific operational context of the organization. Organizations must approach AI adoption selectively, considering where, when and how to integrate AI technologies in alignment with their unique operational needs and goals.