Global leaders must take responsibility for cybersecurity. Here’s why – and how

cyber

(Shahadat Rahman, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Marie Sophie Müller, Programme and Engagement Lead, Centre for Cybersecurity, World Economic Forum & Alois Zwinggi, Managing Director and Head, Centre for Cybersecurity, World Economic Forum


“Don’t find fault, find a remedy”, as the industrial pioneer Henry Ford used to quip. When it comes to cybersecurity today, both fault and remedy have for too long been left to the IT department. Yet in the Fourth Industrial Revolution, where ubiquitous connectivity and digitalization underpin socio-economic progress and prosperity, it is the responsibility of top public and corporate leaders to take ownership of this challenge.

As cyberattacks grow in sophistication and frequency, strategic decision-making is required to allow for more informed investment and resourcing in order to enhance preparedness and resilience. This is the first of 10 key messages and recommendations to come from over 150 cybersecurity leaders and practitioners who participated in the World Economic Forum Annual Meeting on Cybersecurity in November last year.

 

As a first step, board and C-Suite members as well as high-level policy-makers need to gain a better understanding of the cyber-risks to which their organization, municipality or country are exposed. This does not mean becoming full-on technical experts; technical expertise rests with the ICT and information security departments or contracted cybersecurity service providers. What urgently needs to improve is the communication and translation of cybersecurity issues between practitioners and leadership. If corporate and government leaders have a strong grasp of their entity’s vulnerabilities and which critical assets are at risk, they can take timely strategic decisions on investment and resourcing to bolster their organizations’ resilience and safeguards. The recent downgrade of Equifax by Moody’s showed that cybersecurity readiness is increasingly priced in, and requires a holistic approach to be successful.

Such an approach may require rethinking organizational structures and governance in order to break down silos and enable a more robust cybersecurity posture. Beyond economic losses, the legal, reputational and even physical consequences of a cyberattack can be massive. Leaders must mandate greater cyber-savviness across organizational functions such as risk, compliance, legal, human resources and communications, among others.

Cross-functional task-forces and crisis-response teams that are clear on processes and protocols are crucial when cybersecurity crises hit. When the Norwegian aluminium and renewable energy company Norsk Hydro faced a ransomware attack in March 2019, it decided to refuse payment of the ransom, to report the attack immediately and to be transparent about impact, response and recovery – in addition to collaborating with law enforcement by sharing information. Furthermore, this occurred shortly after the company’s long-standing CEO had stepped down.

From the Annual Meeting on Cybersecurity, Geneva, Switzerland 12-13 November 2019
From the Annual Meeting on Cybersecurity, Geneva, Switzerland 12-13 November 2019
Image: World Economic Forum Centre for Cybersecurity

Navigating a cyberattack successfully under these circumstances demonstrates the importance of having a robust crisis management strategy in place to mitigate negative consequences. Again, this requires corporate leadership to understand and monitor the actual status of their company’s cybersecurity risks, and their response and recovery plans (which equally applies to public entities or NGOs, too). Such readiness also requires regular training and practical exercises.

Beyond that, a culture of cybersecurity needs to be instilled across the organization, from the top floor to the shop floor. The human element in cybersecurity cannot be underestimated. Yet while basic cybersecurity training and hygiene need to be internalized by staff, leaders can leverage technological innovation to curb key attack vectors. For example, new authentication methods can help to replace passwords – one of the most prevalent entry points for data breaches.

Leveraging such technologies requires investment – well spent, considering they can help secure our digital future. Moving data to the cloud, for example, clearly entails risks around confidentiality, integrity and availability. Yet outsourcing security maintenance to cloud providers may actually be beneficial, especially for entities with a limited cybersecurity budget. Providers can better understand the threat environment, deploy the latest security technologies and also cater for physical access security within data centres.

Or consider artificial intelligence (AI). Deploying AI for threat detection and analysis as well as for incident response enables more effective and efficient cybersecurity. At the same time, cybercriminals are adopting new technologies even faster and to their advantage. The developments in AI, quantum and identity management, among others, call for ever-greater investment to stay ahead of malicious actors. Needless to say, talent development also requires funding to build a strong cybersecurity-aware workforce.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact info@c4c-weforum.org.

Beyond preventing reputational, legal and even physical damage, what are the incentives for such investment and for the development of a holistic cybersecurity approach and culture? Market players such as insurers and investors are increasingly paying attention to the cybersecurity posture of an organization in their decision-making and offerings. Coherence, however, is still missing. Therefore, trusted and verified cybersecurity ratings are needed to improve assessment and comparability across peers. This not only helps to evaluate organizations’ resilience, but could increasingly guide consumer, citizen and investor decisions. Digital trust has evolved as a critical currency in the Fourth Industrial Revolution and cybersecurity has already become a competitive differentiator. At the same time, considering the systemic risks – and opportunities – at stake, digital trust and cybersecurity require collaboration at a pre-competitive level and concerted action by all stakeholders.

Global cooperation across the public and the private sectors is vital – from promoting dialogue and accelerating new models of effective collaboration beyond geo-economic fault lines, across advancing “security by design and default” in the development of new technologies and digital networks, to accelerating knowledge transfer and the adoption of best practices to address the global deficit in professional skills and adequate capabilities, particularly in emerging economies.

Equally, and particularly to prevent the balkanization of the internet, maintaining an open and secure internet must be a collaborative effort between the public and private sectors. The Internet Service Provider Principles – launched at this year’s World Economic Forum Annual Meeting – are a major step towards reinforcing safety and trust in cyberspace. They are but one example of how the World Economic Forum’s Platform for Shaping the Future of Cybersecurity and Digital Trust can provide a neutral, trusted and globally recognized platform to facilitate cooperation and deliver tangible impacts in global cybersecurity.

Had Henry Ford known that his conveyor belts could be brought to a halt by a hack, that his supply chain would only be as cyber-strong as its weakest link and that the company’s data and intellectual property could easily be stolen by cybercriminals, he would have set out to find a remedy. For private and public-sector leaders today, notably seeking to give meaning to the notion of stakeholder capitalism, it is their responsibility to take full ownership of the cyber challenge and to work out a remedy together.

Advertising

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

How to harness data to tackle rare diseases

5 ways to integrate Syrian refugees into the workforce

Ebola in DR Congo: conflict zones could constitute ‘hiding places’ for the deadly virus – WHO chief

The Sting’s Values

The 28 EU leaders unable to start a relevant debate on migration and Brexit

Trump doesn’t only target Germany, aims to crack the entire EU

Giving humanitarian help to migrants should not be a crime, according to the EP

How next-generation information technologies tackled COVID-19 in China

‘Starvation’ now a reality for displaced Syrians stranded in camp near Jordanian border

3 reasons why Singapore is the smartest city in the world

Neelie Kroes at the European Young Innovators Forum: Unconvention 2014

4 innovative renewable energy projects powering Europe’s green future

In New Zealand it takes less than a day to start a business

5 lessons for the future success of virtual and augmented reality

IMF: The near-term outlook for the U.S. economy is one of strong growth and job creation

This plastic-free bag dissolves in water

How dearly will Germany pay for the Volkswagen emissions rigging scandal

The digital building blocks of better communities

These will be the main cybersecurity trends in 2020

4 ways sporting events are becoming more sustainable

UN ‘stands in solidarity’ with cyclone-hit India – Secretary-General Guterres

Brazilian health: right or privilege?

Look to cities, not nation-states, to solve our biggest challenges

International community makes important progress on the tax challenges of digitalisation

Citizens to be the cornerstone of the Conference on the Future of Europe

Generalist practicing: is it worth it?

A week to decide if the EU is to have a Banking Union

Impacting society with digital ingenuity – World Summit Award proclaiming the top 8 worldwide

How India is solving its cooling challenge

Are we at risk of a financial crisis? Our new report takes a look

EU-wide penalties for money laundering: deal with Council

Eurozone: A Sluggish economy offers no extra jobs

2021-2027 EU Budget: €378,1 billion to benefit all regions

New El Salvador law, a victory for forced displacement victims: UN refugee agency

‘Counter and reject’ leaders who seek to ‘exploit differences’ between us, urges Guterres at historic mosque in Cairo

UK: Crawley group wins European Citizens’ Prize

Why lay people don’t expect anything good from G20

Russia – US in Syria: Selling Afrin to Turkey but facing off ruthlessly for Ghouta

Superconductors: the miracle materials powering an energy revolution

A guide to thriving in the post-COVID-19 workplace

Eurozone banks are unable to support real economy’s dawning growth

“Cyber security is a shared responsibility: stop, think, connect”, a Sting Exclusive by EU Commissioner Gabriel

Asylum: deal to update EU fingerprinting database

A UN-backed boost for women-run businesses in the developing world

One in three Venezuelans not getting enough to eat, UN study finds

How Europe beat the financial crisis – and the risks it still faces

Students & Allies Unite Globally To Launch #Students_Against_COVID

Girls hold the key to Zambia’s future

EU Facility for Refugees in Turkey: €6 billion to support refugees and local communities in need fully mobilised

State aid: France to recover €8.5 million of illegal aid to Ryanair at Montpellier airport

France asks help from Germany but it will not be for free

Poverty and social exclusion skyrocket with austerity

How storytelling can be a force for social change

Opposite cultures: Should it be a problem?

Nearly 5 million children in need due to rising violence in central Sahel: UNICEF

How well you age depends on what you think of old age

“If the job market doesn’t exist, then even the most brilliant Youth Guarantee cannot ensure a job to these young people”, European Youth Forum Secretary General Giuseppe Porcaro on another Sting Exclusive

What is digital equality? An interview with Nanjira Sambuli

Taj Mahal closes as European Union considers non-essential travel ban – Today’s COVID-19 updates

YouTubers are teaming up to plant 20 million trees

More Stings?

Advertising

Trackbacks

  1. […] The article: Global leaders must take responsibility for cybersecurity. Here’s why – and how […]

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s