Global leaders must take responsibility for cybersecurity. Here’s why – and how

cyber

(Shahadat Rahman, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Marie Sophie Müller, Programme and Engagement Lead, Centre for Cybersecurity, World Economic Forum & Alois Zwinggi, Managing Director and Head, Centre for Cybersecurity, World Economic Forum


“Don’t find fault, find a remedy”, as the industrial pioneer Henry Ford used to quip. When it comes to cybersecurity today, both fault and remedy have for too long been left to the IT department. Yet in the Fourth Industrial Revolution, where ubiquitous connectivity and digitalization underpin socio-economic progress and prosperity, it is the responsibility of top public and corporate leaders to take ownership of this challenge.

As cyberattacks grow in sophistication and frequency, strategic decision-making is required to allow for more informed investment and resourcing in order to enhance preparedness and resilience. This is the first of 10 key messages and recommendations to come from over 150 cybersecurity leaders and practitioners who participated in the World Economic Forum Annual Meeting on Cybersecurity in November last year.

 

As a first step, board and C-Suite members as well as high-level policy-makers need to gain a better understanding of the cyber-risks to which their organization, municipality or country are exposed. This does not mean becoming full-on technical experts; technical expertise rests with the ICT and information security departments or contracted cybersecurity service providers. What urgently needs to improve is the communication and translation of cybersecurity issues between practitioners and leadership. If corporate and government leaders have a strong grasp of their entity’s vulnerabilities and which critical assets are at risk, they can take timely strategic decisions on investment and resourcing to bolster their organizations’ resilience and safeguards. The recent downgrade of Equifax by Moody’s showed that cybersecurity readiness is increasingly priced in, and requires a holistic approach to be successful.

Such an approach may require rethinking organizational structures and governance in order to break down silos and enable a more robust cybersecurity posture. Beyond economic losses, the legal, reputational and even physical consequences of a cyberattack can be massive. Leaders must mandate greater cyber-savviness across organizational functions such as risk, compliance, legal, human resources and communications, among others.

Cross-functional task-forces and crisis-response teams that are clear on processes and protocols are crucial when cybersecurity crises hit. When the Norwegian aluminium and renewable energy company Norsk Hydro faced a ransomware attack in March 2019, it decided to refuse payment of the ransom, to report the attack immediately and to be transparent about impact, response and recovery – in addition to collaborating with law enforcement by sharing information. Furthermore, this occurred shortly after the company’s long-standing CEO had stepped down.

From the Annual Meeting on Cybersecurity, Geneva, Switzerland 12-13 November 2019
From the Annual Meeting on Cybersecurity, Geneva, Switzerland 12-13 November 2019
Image: World Economic Forum Centre for Cybersecurity

Navigating a cyberattack successfully under these circumstances demonstrates the importance of having a robust crisis management strategy in place to mitigate negative consequences. Again, this requires corporate leadership to understand and monitor the actual status of their company’s cybersecurity risks, and their response and recovery plans (which equally applies to public entities or NGOs, too). Such readiness also requires regular training and practical exercises.

Beyond that, a culture of cybersecurity needs to be instilled across the organization, from the top floor to the shop floor. The human element in cybersecurity cannot be underestimated. Yet while basic cybersecurity training and hygiene need to be internalized by staff, leaders can leverage technological innovation to curb key attack vectors. For example, new authentication methods can help to replace passwords – one of the most prevalent entry points for data breaches.

Leveraging such technologies requires investment – well spent, considering they can help secure our digital future. Moving data to the cloud, for example, clearly entails risks around confidentiality, integrity and availability. Yet outsourcing security maintenance to cloud providers may actually be beneficial, especially for entities with a limited cybersecurity budget. Providers can better understand the threat environment, deploy the latest security technologies and also cater for physical access security within data centres.

Or consider artificial intelligence (AI). Deploying AI for threat detection and analysis as well as for incident response enables more effective and efficient cybersecurity. At the same time, cybercriminals are adopting new technologies even faster and to their advantage. The developments in AI, quantum and identity management, among others, call for ever-greater investment to stay ahead of malicious actors. Needless to say, talent development also requires funding to build a strong cybersecurity-aware workforce.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact info@c4c-weforum.org.

Beyond preventing reputational, legal and even physical damage, what are the incentives for such investment and for the development of a holistic cybersecurity approach and culture? Market players such as insurers and investors are increasingly paying attention to the cybersecurity posture of an organization in their decision-making and offerings. Coherence, however, is still missing. Therefore, trusted and verified cybersecurity ratings are needed to improve assessment and comparability across peers. This not only helps to evaluate organizations’ resilience, but could increasingly guide consumer, citizen and investor decisions. Digital trust has evolved as a critical currency in the Fourth Industrial Revolution and cybersecurity has already become a competitive differentiator. At the same time, considering the systemic risks – and opportunities – at stake, digital trust and cybersecurity require collaboration at a pre-competitive level and concerted action by all stakeholders.

Global cooperation across the public and the private sectors is vital – from promoting dialogue and accelerating new models of effective collaboration beyond geo-economic fault lines, across advancing “security by design and default” in the development of new technologies and digital networks, to accelerating knowledge transfer and the adoption of best practices to address the global deficit in professional skills and adequate capabilities, particularly in emerging economies.

Equally, and particularly to prevent the balkanization of the internet, maintaining an open and secure internet must be a collaborative effort between the public and private sectors. The Internet Service Provider Principles – launched at this year’s World Economic Forum Annual Meeting – are a major step towards reinforcing safety and trust in cyberspace. They are but one example of how the World Economic Forum’s Platform for Shaping the Future of Cybersecurity and Digital Trust can provide a neutral, trusted and globally recognized platform to facilitate cooperation and deliver tangible impacts in global cybersecurity.

Had Henry Ford known that his conveyor belts could be brought to a halt by a hack, that his supply chain would only be as cyber-strong as its weakest link and that the company’s data and intellectual property could easily be stolen by cybercriminals, he would have set out to find a remedy. For private and public-sector leaders today, notably seeking to give meaning to the notion of stakeholder capitalism, it is their responsibility to take full ownership of the cyber challenge and to work out a remedy together.

Advertising

Advertising

Advertising

Advertising

Advertising

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

ILO: Unemployment to increase by 8.1 million in 2013-2014

Our tourism system is broken – time to customize

Syria: UN health agency highlights ‘critical health threats’ facing Idlib civilians

Built by a woman: supporting the dreams of mum entrepreneurs

This is how we make cancer care sustainable and available for all

Trump asked Merkel to pay NATO arrears and cut down exports ignoring the EU

JADE visits Lithuanian Junior Initiatives

Migrant caravan: UN agency helping ‘exhausted’ people home

Zeid calls for ICC probe into Myanmar Rohingya crisis

End of plastic water bottles at European Parliament

To retire at 65, American millennials need to save almost half their paycheck

This man is installing 100 trash barriers in Bali’s rivers to stop plastic pollution

Closing the trust gap: how responsible data use can accelerate a sustainable society

This brewery is ditching plastic six-pack rings to save marine life

The new general election will secure Greece’s position in Eurozone; at least for some time

2018 ‘terrifying’ for Yemenis but ultimately a ‘year for hope’ says UN Special Envoy

Politics is failing to protect the Amazon. It’s time for finance to step up instead

International trade statistics: trends in third quarter 2019

In Japan, if you’re 76 you’re biologically 65

Why skills are keeping CEOs awake at night

Can China deal with climate change without the U.S.?

The Five Chinese Girls

South Africa’s economy in 5 charts

Is this really it for the gig economy? Read on

Australia’s bushfires have pumped out half a year’s CO2 emissions

Why developing new antibiotics is a matter of life and death

At COP24, countries agree concrete way forward to bring the Paris climate deal to life

Towards seamless patent registration and protection in 25 EU countries

Eritrea sanctions lifted amid growing rapprochement with Ethiopia: Security Council

How to outsmart bias when you’re recruiting

New UN-supported farming app is cream of crop in tackling Sahel pest

At last a good price for the Greek debt!

Electronic Cigarettes: A booster or alternative to Smoking?

How global tech can drive local healthcare innovation in China

3 strategies for Africa to thrive in this new era of globalization

Ambassador Zhang Ming: “Work Together for a Better Globalization”

A day in the life of a refugee: the role of nations and citizens of the world

Gas pipeline in the European Union. (Copyright: EU, 2012 / Source: EC - Audiovisual Service / Photo: Ferenc Isza)

EU Investment Bank approves € 1.5bn loan for Trans Adriatic Pipeline (TAP)

Bitpay @ TheNextWeb 2014: Innovation’s Best Friend

A new catastrophic phase in the Syrian carnage

How migrants who send money home have become a global economic force

Coronavirus containment is the key, as infections tick up: Tedros

Brussels to tear down the trade wall with Mexico as opposed to Trump’s “walls”

Bolivia crisis: UN chief sends envoy to support peace, amidst renewed clashes

The European Sting live from the World Economic Forum 2015 in Davos

How Greece was destroyed

Jakarta is one of the world’s fastest disappearing cities

Nearly $4 billion needed to protect 41 million children from conflict and disaster

E-Governance: A powerful tool to combat, mitigate and sustainably manage disaster risks

Banking on sustainability – what’s next?

Ebola fight ongoing amid evidence of ‘several massacres’ in DR Congo’s Ituri province

Methane levels are increasing – and scientists aren’t sure why

MEPs call for decisive action to fight inequalities in the EU

The 5 biggest challenges cities will face in the future

Summer pause gives time to rethink Eurozone’s problems

Parliament in favour of lifting visa requirements for Kosovars

UN experts cite ‘possible exploitation’ of workers hired to clean up toxic Japanese nuclear plant

Where is heading Putin’s Russia?

Copyright: European Union , 2017; Source: EC - Audiovisual Service; Photo: Frank Molter

EU hits deadlock on the future of glyphosate a month before deadline

EU-U.S. Privacy Shield: Second review shows improvements but a permanent Ombudsperson should be nominated by 28 February 2019

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s