Global leaders must take responsibility for cybersecurity. Here’s why – and how

cyber

(Shahadat Rahman, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Marie Sophie Müller, Programme and Engagement Lead, Centre for Cybersecurity, World Economic Forum & Alois Zwinggi, Managing Director and Head, Centre for Cybersecurity, World Economic Forum


“Don’t find fault, find a remedy”, as the industrial pioneer Henry Ford used to quip. When it comes to cybersecurity today, both fault and remedy have for too long been left to the IT department. Yet in the Fourth Industrial Revolution, where ubiquitous connectivity and digitalization underpin socio-economic progress and prosperity, it is the responsibility of top public and corporate leaders to take ownership of this challenge.

As cyberattacks grow in sophistication and frequency, strategic decision-making is required to allow for more informed investment and resourcing in order to enhance preparedness and resilience. This is the first of 10 key messages and recommendations to come from over 150 cybersecurity leaders and practitioners who participated in the World Economic Forum Annual Meeting on Cybersecurity in November last year.

 

As a first step, board and C-Suite members as well as high-level policy-makers need to gain a better understanding of the cyber-risks to which their organization, municipality or country are exposed. This does not mean becoming full-on technical experts; technical expertise rests with the ICT and information security departments or contracted cybersecurity service providers. What urgently needs to improve is the communication and translation of cybersecurity issues between practitioners and leadership. If corporate and government leaders have a strong grasp of their entity’s vulnerabilities and which critical assets are at risk, they can take timely strategic decisions on investment and resourcing to bolster their organizations’ resilience and safeguards. The recent downgrade of Equifax by Moody’s showed that cybersecurity readiness is increasingly priced in, and requires a holistic approach to be successful.

Such an approach may require rethinking organizational structures and governance in order to break down silos and enable a more robust cybersecurity posture. Beyond economic losses, the legal, reputational and even physical consequences of a cyberattack can be massive. Leaders must mandate greater cyber-savviness across organizational functions such as risk, compliance, legal, human resources and communications, among others.

Cross-functional task-forces and crisis-response teams that are clear on processes and protocols are crucial when cybersecurity crises hit. When the Norwegian aluminium and renewable energy company Norsk Hydro faced a ransomware attack in March 2019, it decided to refuse payment of the ransom, to report the attack immediately and to be transparent about impact, response and recovery – in addition to collaborating with law enforcement by sharing information. Furthermore, this occurred shortly after the company’s long-standing CEO had stepped down.

From the Annual Meeting on Cybersecurity, Geneva, Switzerland 12-13 November 2019
From the Annual Meeting on Cybersecurity, Geneva, Switzerland 12-13 November 2019
Image: World Economic Forum Centre for Cybersecurity

Navigating a cyberattack successfully under these circumstances demonstrates the importance of having a robust crisis management strategy in place to mitigate negative consequences. Again, this requires corporate leadership to understand and monitor the actual status of their company’s cybersecurity risks, and their response and recovery plans (which equally applies to public entities or NGOs, too). Such readiness also requires regular training and practical exercises.

Beyond that, a culture of cybersecurity needs to be instilled across the organization, from the top floor to the shop floor. The human element in cybersecurity cannot be underestimated. Yet while basic cybersecurity training and hygiene need to be internalized by staff, leaders can leverage technological innovation to curb key attack vectors. For example, new authentication methods can help to replace passwords – one of the most prevalent entry points for data breaches.

Leveraging such technologies requires investment – well spent, considering they can help secure our digital future. Moving data to the cloud, for example, clearly entails risks around confidentiality, integrity and availability. Yet outsourcing security maintenance to cloud providers may actually be beneficial, especially for entities with a limited cybersecurity budget. Providers can better understand the threat environment, deploy the latest security technologies and also cater for physical access security within data centres.

Or consider artificial intelligence (AI). Deploying AI for threat detection and analysis as well as for incident response enables more effective and efficient cybersecurity. At the same time, cybercriminals are adopting new technologies even faster and to their advantage. The developments in AI, quantum and identity management, among others, call for ever-greater investment to stay ahead of malicious actors. Needless to say, talent development also requires funding to build a strong cybersecurity-aware workforce.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact info@c4c-weforum.org.

Beyond preventing reputational, legal and even physical damage, what are the incentives for such investment and for the development of a holistic cybersecurity approach and culture? Market players such as insurers and investors are increasingly paying attention to the cybersecurity posture of an organization in their decision-making and offerings. Coherence, however, is still missing. Therefore, trusted and verified cybersecurity ratings are needed to improve assessment and comparability across peers. This not only helps to evaluate organizations’ resilience, but could increasingly guide consumer, citizen and investor decisions. Digital trust has evolved as a critical currency in the Fourth Industrial Revolution and cybersecurity has already become a competitive differentiator. At the same time, considering the systemic risks – and opportunities – at stake, digital trust and cybersecurity require collaboration at a pre-competitive level and concerted action by all stakeholders.

Global cooperation across the public and the private sectors is vital – from promoting dialogue and accelerating new models of effective collaboration beyond geo-economic fault lines, across advancing “security by design and default” in the development of new technologies and digital networks, to accelerating knowledge transfer and the adoption of best practices to address the global deficit in professional skills and adequate capabilities, particularly in emerging economies.

Equally, and particularly to prevent the balkanization of the internet, maintaining an open and secure internet must be a collaborative effort between the public and private sectors. The Internet Service Provider Principles – launched at this year’s World Economic Forum Annual Meeting – are a major step towards reinforcing safety and trust in cyberspace. They are but one example of how the World Economic Forum’s Platform for Shaping the Future of Cybersecurity and Digital Trust can provide a neutral, trusted and globally recognized platform to facilitate cooperation and deliver tangible impacts in global cybersecurity.

Had Henry Ford known that his conveyor belts could be brought to a halt by a hack, that his supply chain would only be as cyber-strong as its weakest link and that the company’s data and intellectual property could easily be stolen by cybercriminals, he would have set out to find a remedy. For private and public-sector leaders today, notably seeking to give meaning to the notion of stakeholder capitalism, it is their responsibility to take full ownership of the cyber challenge and to work out a remedy together.

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

IMF launches a new offensive against Germany

The jobs forecast is unsettled. It’s time for a reskilling revolution

Make this the year of ‘transformative solutions’ to avert disastrous climate change: UN Deputy Chief

Finland must focus on integrating migrant women and their children to boost their contribution to the economy and society

Human health – litmus paper for the climate change?

MEPs and EU ministers agree on closing information gaps to enhance security

Innovation and entrepreneurship can cut waste and deliver the circular economy

End racist discrimination against Afro-European people in the EU

UN expert condemns new sentence for jailed Venezuelan judge as ‘another instance of reprisal’

What’s a logarithmic graph and how does it help explain the spread of COVID-19?

Universal basic income is the answer to the inequalities exposed by COVID-19

Britain’s poet laureate has created a prize to highlight poetry about the climate crisis

UN pushes for universal health care on International Day

Plastic is a global problem. It’s also a global opportunity

Service and Sacrifice: Guinean peacekeepers make their mark in Mali

Gig workers among the hardest hit by coronavirus pandemic

‘Path to peace’ on Korean Peninsula only possible through diplomacy and full denuclearization: US tells Security Council

A geared turbofan at Pratt & Whitney's production hub in West Palm Beach (copyright: Pratt & Whitney - a UTC Company- 2018; Source: Pratt & Whitney's website, media center)

The EU Commission approves UTC’s acquisition of Rockwell Collins under conditions

Reading the smoke signals: The long-term consequences of Amazon wildfire on global health

The best companies to work for in 2020, according to Glassdoor

Our healthcare systems are ailing. Here’s how to make them better

Cross-border travel is confusing after COVID – this framework can help borders reopen safely

Air pollution: Most EU Member States not on track to reduce air pollution and its related health impacts by 2030

Mental health in the pandemic: it’s no Rubik’s cube

UN chief praises impact of Palestine refugee agency as ‘our common success’, at key pledging conference

EU-China Leaders’ Meeting: Upholding EU values and interests at the highest level

COP21 Breaking News_10 December: the final sprint of the Final Agreement Negotiations

Colombia: Santos thanks the EU for its support to the peace process

COP24 negotiations: Why reaching agreement on climate action is so complex

The psychology of pandemics

EU and 15 World Trade Organization members establish contingency appeal arrangement for trade disputes

Coronavirus: here’s what you need to know about face masks

LUX prize will be awarded jointly by the European Parliament and the European Film Academy

EU summit: No energy against tax evasion and fraud

Advancing multilateralism goes ‘hand-in-hand’ with work of the UN

EU leaders prepare timetable and structure for EU budget negotiations

Climate change update: consistent global actions urgently needed as we are running out of time

WEF Davos 2016 LIVE: The health of capitalism won’t be the only worry for those who head for Davos

First-ever EU defence industry fund to finance joint development of capabilities

UN health agency team in China to strengthen coronavirus response through partnership

Can China deal with climate change without the U.S.?

Taliban-led violence during recent Afghan polls leaves record high numbers of civilians dead – UN

Darfur: Inter-communal tensions still high despite improved security, Mission head tells Security Council

The costs of corruption: values, economic development under assault, trillions lost, says Guterres

Why the ECB had to clarify it caters for the entire Eurozone not just Germany?

4 steps to developing responsible AI

15 years of risk: from economic collapse to planetary devastation

This top-10 of business risks misses the biggest of them all: climate change

Draghi to lay his print on long term ECB policies prior to exiting next year

Youth Parliament to finalise millennials´ priorities for future of the EU

5 ways students can graduate fully qualified for the Fourth Industrial Revolution

Family incomes stagnate in the EU; people excluded from ‘moderate recovery’

Nicaragua must end ‘witch-hunt’ against dissenting voices – UN human rights experts

The world is facing a $15 trillion infrastructure gap by 2040. Here’s how to bridge it

Cancer is a growing global threat and prevention is key, UN study shows

East Africa locusts threaten food insecurity across subregion, alerts UN agriculture agency

Mental health in the pandemic: how to stay emotionally stable?

GSMA announces new keynote speakers for 2018 Mobile World Congress

Asylum: deal to update EU fingerprinting database

Is there a new debt crisis on the horizon?

More Stings?

Advertising

Trackbacks

  1. […] The article: Global leaders must take responsibility for cybersecurity. Here’s why – and how […]

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s