Investors have a role in securing our shared digital future

grandpa monile

(Gervyn Louis, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Algirde Pipikaite, Project Lead, Governance and Policy, World Economic Forum & Martina Cheung, President, S&P Global Market Intelligence


Cyberattacks have almost doubled in the past five years with no sign of slowing down. Due to the increasing number of cyber breaches, there is a market shift towards demanding more secure technological innovation. After major cyberattacks such as NotPetya and WannaCry paralysed some businesses around the globe for weeks, cyber-risk rapidly became one of the most important factors to consider when taking an executive decision on company strategy.

What is the role of the investment community in securing our digital future? Increasingly, evaluating the cyber-risk of target investments, and monitoring and mitigating the cyber-risk of portfolio companies are becoming part of investors’ fiduciary duty. They have an opportunity and the leverage to deploy investable capital in improving a portfolio company’s cyber-capabilities.

They have a responsibility to invest capital in enterprises. Knowing that they are looking for significant returns on investment, and that cyber-responsible investments are key long-term components of viable enterprises, it is also in their economic interest to foster responsible innovation.

In terms of managing cyber-risks, certain industry sectors are starting to demand more security features from their suppliers. For example, the healthcare sector in the US is multiplying demand for more secure products. Hospitals have started requiring that medical-device makers improve the cyberdefences of their internet-connected infusion pumps, biopsy imaging tables and other healthcare products. Hospitals are testing devices and asking manufacturers to reveal the proprietary software running the products in order to identify vulnerabilities. Other sectors are also starting to be aware that technology permeates all businesses and that they need to pay attention to the consequences.

With the growing demand for security-by-design products, better security features are increasingly rewarded by the market. Privacy and security are of growing importance for consumers. Recent research by Bain & Companyhighlights that enterprise customers are willing to buy more of and pay more for internet of thing (IoT) devices if their concerns about cybersecurity risks are addressed. It also suggests that 93% of executives would pay an average of 22% more for devices with better security.

The market may be calling for more secure innovation, but progress is not happening fast enough; it is not outpacing the speed at which digital trust is deteriorating. The World Economic Forum has been working with its partners to identify new ways of ensuring that the security of a product and its innovative features are incorporated throughout all stages of development, from design to the user experience. The investment community has been identified as a key core group that can lead investment portfolio companies and entrepreneurs towards greater security in the next generation of technological innovation. The first step is awareness and a global business framework to assist investors, and others, to raise digital security as a core component of risk.

The Forum’s Centre for Cybersecurity has developed high-level principles and a cybersecurity due-diligence assessment framework for the investment community. The principles and cybersecurity framework offer guidance to investors on how to prioritize security within their investment portfolio companies, assess the cybersecurity preparedness and innovation security of a potential investment target prior to investment, and grow the cybersecurity capabilities of an organization post-investment.

Investors can apply the six principles in their investment strategy and processes to improve cybersecurity in their portfolio companies, their innovation and to better protect their intellectual property – one of the most valuable assets of any innovative company.

The overarching cyber principle consists not of technical know-how alone, but rather is based on security awareness in governance and investment. Cyber expertise can be achieved by establishing: 1. cyber risk tolerance; 2. cyber due diligence; 3. an appropriate incentive structure to either incentivize cybersecurity or disincentivize insecurity; 4. the integration and development of people, processes and technology, and; 5. the regular review of cybersecurity developments and challenges, and collaboration and sharing of best practices. These cybersecurity due-care principles should be integrated into all phases of the investment journey.

Investors need to incorporate cybersecurity due diligence in the overall due-diligence process. To do so successfully, they need a standardized tool to evaluate cybersecurity preparedness and the degree of cyber-risk at a target company. The cybersecurity assessment framework is the first step towards such a tool for investors, helping to identify gaps in the target company’s cyber-risk management programme and governance. The assessment results allow investors to identify areas where cybersecurity needs improvement and where they can act to help prioritize it for the purpose of reducing cyber-risk.

The World Economic Forum has developed a Cybersecurity Due Diligence Assessment Framework consisting of two parts: 1. organizational security; and 2. product security. Using this framework, investors can evaluate not only an organization’s cybersecurity, but also the security of technological innovation, or product.

Note that the investor’s cyber responsibility is not over once the due diligence assessment is performed. If the investor decides to invest in the company, it is their duty to guide and lead the company to better security practices and improve in areas where the portfolio company might be underperforming or presents a higher risk level. Cyber resilience and preparedness are a continuously evolving process; they need to be reviewed regularly and adjusted.

Ultimately, the purpose of developing more secure products is to reduce the attack surface by diminishing the number of vulnerabilities in technology and ensuring that products and systems are resilient, and can be recovered quickly in case of attack. Actively evaluating cyber-risk in their investment targets and leading their investment portfolio companies towards better cybersecurity, investors can play a decisive role in securing our shared digital future. Though designed for investors, this framework can apply to other constituencies, and raise awareness and digital education to key core components of a risk assessment framework.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

EU funds must reach media and creative sector, say MEPs

4 ways the circular economy can help heavy industry reduce emissions

Inclusion and diversity isn’t just good for employees – it’s good for the bottom line

Hunger and obesity in Latin America and the Caribbean compounded by inequality: UN report

Drugs cost too much. There is a better way to fund medical innovation

MWC 2016 Live: Roshan CEO opens up on Afghanistan challenges

Will Merkel ever steer the EU migration Titanic and restore her power in Germany?

Northern Ireland: Parliament wants to secure post-Brexit regional funding

Thailand gave healthcare to its entire population and the results were dramatic

European Commission adopts new list of third countries with weak anti-money laundering and terrorist financing regimes

Young people struggling in digital world, finds latest OECD PISA survey

Botswana has decriminalized gay sex. But, it’s still illegal in 70 countries

Cultural leaders envision a post-COVID world

State aid: Commission approves €50 million Italian support scheme for production and supply of medical equipment and masks during Coronavirus outbreak

Britain’s May won the first round on the Brexit agreement with the EU

Pandemics are here to stay. Here’s how to prepare for the next one

Anti-vaccination scaremongering: What should we know about anti-vaccine argument?

How personalized care can tackle the late-life loneliness epidemic

GSMA Announces New Keynote Speakers, Event Updates for 2019 “MWC Los Angeles, in Partnership with CTIA”

FROM THE FIELD: New sensors protect vulnerable Malawians against deadly lightning

Unequal burden: how the COVID-19 pandemic is adding to women’s workloads

“What a Wonderful World”: the unsettled relationship between Climate Change and Human Health

Robots, Artificial intelligence and Dentistry

Can the Tokyo Olympics help bring the world together?

Impacts of COVID-19: lessons and strategies for the future

Ebola in DR Congo: New transmission chain risks reversing major gains

Cocaine and opium production worldwide hit ‘absolute record highs’ – major threat to public health says UN study

Mental Health: In Times of COVID-19

The unpleasant truth of plastic straws

‘Jerusalem is not for sale’ Palestinian President Abbas tells world leaders at UN Assembly

Breaking news on European Youth Employment: European Youth Forum Guide tackles poor quality internships!

European Border and Coast Guard: Council adopts revised regulation

UN chief appeals for calm as Mali presidential election draws to a close

Fairer, simpler, more flexible EU farm policy: MEPs vote on post-2020 reform

This app uses augmented reality to rewrite ‘herstory’

‘We need to do more’ to transform the world, deputy UN chief tells African audiences

Bayer’s cross at night (Copyright: Bayer AG)

The EU clears Bayer-Monsanto merger amid wide competition and environmental concerns

Long-term EU budget: It is not possible to do more with less, say MEPs

How TV has brought mental health issues into the light – and helped to banish stigma

Trade Committee advocates lower tariffs in Western Sahara

UN chief welcomes South Sudan’s Unity government, lauds parties for ‘significant achievement’

1 in 4 Africans had to pay a bribe to access public services last year

EU Trust Fund for Africa: Can it be beneficial for Italy and tackle the migration crisis in the Mediterranean?

One-third of young people still optimistic despite COVID’s dramatic hit on education and jobs

Earth already has a perfect recycling system. So why not use it?

Financing fossil fuels risks a repeat of the 2008 crash. Here’s why

Here’s why the tech sector could be the next target for Chinese investment in Africa

Asia-Pacific showing ‘decisive leadership’ on road to 2030 Sustainable Development Goals, deputy UN chief tells key forum

Future EU-UK Partnership: European Commission receives mandate to begin negotiations with the UK

‘Stronger’ effort must be made to cement peace deal for South Sudanese women and girls: UN Women chief

Why sustainable packaging is good for profits as well as the planet

Polish de facto ban on abortion puts women’s lives at risk, says Parliament

2018 Sakharov laureate Oleg Sentsov receives his award

Science leads the response to COVID-19. These 25 scientists are tackling the other global challenges

Khashoggi murder trials must public and meet international standards, UN expert urges

Cybersecurity should be a source of hope, not fear. Here are 5 reasons why

Use “blockchain” model to cut small firms’ costs and empower citizens, urge MEPs

UN chief welcomes resolution to 27-year-old disagreement over renaming the former Yugoslav Republic of Macedonia

Africa-Europe Alliance: two new financial guarantees under the EU External Investment Plan

We need a global convention to end workplace sexual harassment

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s