Global leaders must take responsibility for cybersecurity. Here’s why – and how

cyber

(Shahadat Rahman, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Marie Sophie Müller, Programme and Engagement Lead, Centre for Cybersecurity, World Economic Forum & Alois Zwinggi, Managing Director and Head, Centre for Cybersecurity, World Economic Forum


“Don’t find fault, find a remedy”, as the industrial pioneer Henry Ford used to quip. When it comes to cybersecurity today, both fault and remedy have for too long been left to the IT department. Yet in the Fourth Industrial Revolution, where ubiquitous connectivity and digitalization underpin socio-economic progress and prosperity, it is the responsibility of top public and corporate leaders to take ownership of this challenge.

As cyberattacks grow in sophistication and frequency, strategic decision-making is required to allow for more informed investment and resourcing in order to enhance preparedness and resilience. This is the first of 10 key messages and recommendations to come from over 150 cybersecurity leaders and practitioners who participated in the World Economic Forum Annual Meeting on Cybersecurity in November last year.

 

As a first step, board and C-Suite members as well as high-level policy-makers need to gain a better understanding of the cyber-risks to which their organization, municipality or country are exposed. This does not mean becoming full-on technical experts; technical expertise rests with the ICT and information security departments or contracted cybersecurity service providers. What urgently needs to improve is the communication and translation of cybersecurity issues between practitioners and leadership. If corporate and government leaders have a strong grasp of their entity’s vulnerabilities and which critical assets are at risk, they can take timely strategic decisions on investment and resourcing to bolster their organizations’ resilience and safeguards. The recent downgrade of Equifax by Moody’s showed that cybersecurity readiness is increasingly priced in, and requires a holistic approach to be successful.

Such an approach may require rethinking organizational structures and governance in order to break down silos and enable a more robust cybersecurity posture. Beyond economic losses, the legal, reputational and even physical consequences of a cyberattack can be massive. Leaders must mandate greater cyber-savviness across organizational functions such as risk, compliance, legal, human resources and communications, among others.

Cross-functional task-forces and crisis-response teams that are clear on processes and protocols are crucial when cybersecurity crises hit. When the Norwegian aluminium and renewable energy company Norsk Hydro faced a ransomware attack in March 2019, it decided to refuse payment of the ransom, to report the attack immediately and to be transparent about impact, response and recovery – in addition to collaborating with law enforcement by sharing information. Furthermore, this occurred shortly after the company’s long-standing CEO had stepped down.

From the Annual Meeting on Cybersecurity, Geneva, Switzerland 12-13 November 2019
From the Annual Meeting on Cybersecurity, Geneva, Switzerland 12-13 November 2019
Image: World Economic Forum Centre for Cybersecurity

Navigating a cyberattack successfully under these circumstances demonstrates the importance of having a robust crisis management strategy in place to mitigate negative consequences. Again, this requires corporate leadership to understand and monitor the actual status of their company’s cybersecurity risks, and their response and recovery plans (which equally applies to public entities or NGOs, too). Such readiness also requires regular training and practical exercises.

Beyond that, a culture of cybersecurity needs to be instilled across the organization, from the top floor to the shop floor. The human element in cybersecurity cannot be underestimated. Yet while basic cybersecurity training and hygiene need to be internalized by staff, leaders can leverage technological innovation to curb key attack vectors. For example, new authentication methods can help to replace passwords – one of the most prevalent entry points for data breaches.

Leveraging such technologies requires investment – well spent, considering they can help secure our digital future. Moving data to the cloud, for example, clearly entails risks around confidentiality, integrity and availability. Yet outsourcing security maintenance to cloud providers may actually be beneficial, especially for entities with a limited cybersecurity budget. Providers can better understand the threat environment, deploy the latest security technologies and also cater for physical access security within data centres.

Or consider artificial intelligence (AI). Deploying AI for threat detection and analysis as well as for incident response enables more effective and efficient cybersecurity. At the same time, cybercriminals are adopting new technologies even faster and to their advantage. The developments in AI, quantum and identity management, among others, call for ever-greater investment to stay ahead of malicious actors. Needless to say, talent development also requires funding to build a strong cybersecurity-aware workforce.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact info@c4c-weforum.org.

Beyond preventing reputational, legal and even physical damage, what are the incentives for such investment and for the development of a holistic cybersecurity approach and culture? Market players such as insurers and investors are increasingly paying attention to the cybersecurity posture of an organization in their decision-making and offerings. Coherence, however, is still missing. Therefore, trusted and verified cybersecurity ratings are needed to improve assessment and comparability across peers. This not only helps to evaluate organizations’ resilience, but could increasingly guide consumer, citizen and investor decisions. Digital trust has evolved as a critical currency in the Fourth Industrial Revolution and cybersecurity has already become a competitive differentiator. At the same time, considering the systemic risks – and opportunities – at stake, digital trust and cybersecurity require collaboration at a pre-competitive level and concerted action by all stakeholders.

Global cooperation across the public and the private sectors is vital – from promoting dialogue and accelerating new models of effective collaboration beyond geo-economic fault lines, across advancing “security by design and default” in the development of new technologies and digital networks, to accelerating knowledge transfer and the adoption of best practices to address the global deficit in professional skills and adequate capabilities, particularly in emerging economies.

Equally, and particularly to prevent the balkanization of the internet, maintaining an open and secure internet must be a collaborative effort between the public and private sectors. The Internet Service Provider Principles – launched at this year’s World Economic Forum Annual Meeting – are a major step towards reinforcing safety and trust in cyberspace. They are but one example of how the World Economic Forum’s Platform for Shaping the Future of Cybersecurity and Digital Trust can provide a neutral, trusted and globally recognized platform to facilitate cooperation and deliver tangible impacts in global cybersecurity.

Had Henry Ford known that his conveyor belts could be brought to a halt by a hack, that his supply chain would only be as cyber-strong as its weakest link and that the company’s data and intellectual property could easily be stolen by cybercriminals, he would have set out to find a remedy. For private and public-sector leaders today, notably seeking to give meaning to the notion of stakeholder capitalism, it is their responsibility to take full ownership of the cyber challenge and to work out a remedy together.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

European Commission: the LED lights of your Audi A6 shall save our planet

A new approach to scaling-up renewable power in emerging markets

Ensure that widows are ‘not left out or left behind’, UN chief urges on International Day

COVID-19 wave III and the lessons learned

Threats from mammoth banks and Brussels fuel May’s poll rates

EU and Amazon cut deal to end antitrust investigation over e-books deals

MEPs urge EU countries to be transparent about their COVID-19 vaccine supplies

Here’s how private investors can turn plastic into gold

Still a long way to go to achieve gender equality in all EU countries

Africa is set to get its first vertical forest

‘Millions facing starvation’ – Global political and business leaders on the economic impact of COVID-19

How the gender commuting gap could be harming women’s careers

Will 2020 be the year blockchain overcomes its hype?

Progress in medical research: leading or lagging behind?

Bacteria vs. humans: how to fight in this world war?

The future of energy is being shaped in Asia

What we know and what we don’t know about universal basic income

The first new university in the UK for 40 years is taking a very different approach to education

OECD household income up 0.7% in first quarter of 2018, outpacing GDP growth

First seat projections for the next European Parliament

The energy industry is changing. Are governments switched on?

What is the IMF telling Eurozone about fiscal and banking unification?

Trump ‘used’ G20 to side with Putin and split climate and trade packs


Re-thinking citizenship education: bringing young people back to the ballot box

Commission issues guidance on the participation of third country bidders in the EU procurement market

Car rentals: EU action leads to clearer and more transparent pricing

What’s going on in Chernobyl today?

Here’s how we get businesses to harmonize on climate change

Why are the Balkans’ political leaders meeting in Geneva this week?

Support for EU remains at historically high level despite sceptics

US pardons for accused war criminals, contrary to international law: UN rights office

European Business Summit 2015: In search of a vision for the future

Brexit casts a shadow over the LSE – Deutsche Börse merger: a tracer of how or if brexit is to be implemented

Migrants and refugees face higher risk of developing ill-health, says UN report on displaced people in Europe

Autumn 2019 Standard Eurobarometer: immigration and climate change remain main concerns at EU level

Stop the waste: UN food agencies call for action to reduce global hunger

The term AI overpromises. Let’s make machine learning work better for humans instead

How blended finance helped to keep energy supplies flowing during COVID-19

What will a post-pandemic economy look like? Here’s what chief economists expect

Innovation is the key to the pay-TV industry’s long-term growth

Mergers: Commission approves GlaxoSmithKline’s acquisition of Pfizer’s Consumer Health Business, subject to conditions

Coronavirus: Commission launches call for innovative response and recovery partnerships between EU regions

Parliament names radio studio after journalists murdered in December attack

4 things to know about the state of conflict today

World-famous cultural institutions closed due to coronavirus are welcoming virtual visitors

As Houthi forces withdraw from key Yemeni ports, UN monitoring chief welcomes ‘first practical step on the ground’

Get out, stay out: how financial resilience helps end poverty

The ‘ASEAN way’: what it is, how it must change for the future

30 years of tissue engineering, what has been achieved?

Businesses are lacking moral leadership, according to employees

Mental health and suicide prevention

‘Perseverance is key’ to Iraq’s future, UN envoy tells Security Council

Belgium: Youth Forum takes legal step to ban unpaid internships

European Commission recommends common EU approach to the security of 5G networks

The Future of Balkans: Embracing Education

The European Parliament fails to really restrict the rating agencies

Gas pipeline in the European Union. (Copyright: EU, 2012 / Source: EC - Audiovisual Service / Photo: Ferenc Isza)

EU Investment Bank approves € 1.5bn loan for Trans Adriatic Pipeline (TAP)

Could Europe become the first climate-neutral continent?

Venezuela’s needs ‘significant and growing’ UN humanitarian chief warns Security Council, as ‘unparalleled’ exodus continues

More Stings?

Trackbacks

  1. […] The article: Global leaders must take responsibility for cybersecurity. Here’s why – and how […]

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s