Cyber-Risk Assessments: the vaccine for companies in the Fourth Industrial Revolution

Image: Leon Seibert, Unsplash

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Algirde Pipikaite, Project Lead, Governance and Policy, World Economic Forum & Joram Borenstein, General Manager, Cybersecurity Solutions, Microsoft


Technology continues to play a critical role in shaping the global risks landscape for individuals, governments and businesses. According to the World Economic Forum Global Risks Report 2020, cyberattacks are ranked as the second risk of greatest concern for business globally over the next 10 years. Cyberattacks on critical infrastructure – rated the fifth top risk in 2020 by the expert network – have become the new normal across sectors such as energy, healthcare and transportation. This confirms a pattern recorded in previous years, with cyber risks consolidating their position alongside environmental risks in the high-impact, high-likelihood quadrant of the report’s Global Risks Landscape.

 

The cyberattack surface (the totality of all information system and internet exposure) is growing at a rapid pace. In parallel, inherently borderless cybercrime is impacting victims around the globe, while the authority of law enforcement is often constrained by jurisdiction and by the limitations of the legal processes used to request information beyond national borders. Moreover, cybercrime-as-a-service is a growing business model, as the increasing sophistication of tools on the Darknet makes malicious services more affordable and easily accessible for anyone.

In this context, a cyber-risk assessment is crucial to any organization’s risk management strategy. A cyber-risk assessment provides an informed overview of an organization’s cybersecurity posture and provides data for cybersecurity-related decisions. A well-managed assessment process prevents costly wastes of time, effort and resources and enables informed decision-making.

Many jurisdictional instruments, including the European Union General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018 in the United Kingdom, require risk assessments to be conducted. Any organization with a digital footprint should have an understanding of its cyber preparedness to ensure that the leadership does not underestimate or overlook risks that could cause significant damage.

CYBERSECURITY-FOCUSED

Yet today, cybersecurity awareness is largely insufficient and there is no standard approach among investors and corporate leadership for evaluating the cybersecurity preparedness of their own companies or of the companies in their portfolio. A cybersecurity-focused culture, based on cyber expertise and awareness, is vital to prioritizing cybersecurity in the investment process.

Including cybersecurity risk assessment in the investment and decision-making process is a rather new approach. The World Economic Forum along with leaders and cybersecurity experts in the investment industry have developed a due care standard to guide investor responsibility in terms of cybersecurity. Tailored to investors’ needs and principle-based, it aims to influence behavioural change rather than merely prescribe specific action to be taken.

Figure: 2025 Market Projections for 4IR Technologies. Most businesses are either becoming digital or are already in the digital domain. Image: World Economic Forum

According to a World Economic Forum report, adequate cybersecurity expertise is foundational and vital to exercising the cyber due care principles. Investors should ensure requisite cybersecurity expertise is available to them and their investment portfolio companies either internally or through external experts. An investor’s attention to cybersecurity should extend well beyond regulatory compliance and legal obligations and include regular briefings on evolving cyber risks.

Expertise should evolve to guarantee optimal efforts to stay abreast of cybersecurity developments. Overall, investors are urged to foster a cybersecurity awareness culture as most businesses, investment targets and their key assets are either becoming digital or are already in the digital domain.

Principles to follow:

Incorporate a cyber-risk tolerance: The investor incorporates cyber-risk tolerance into their portfolio risk methodology similar to other types of risks monitored, such as financial and management risks. This cyber-risk tolerance threshold indicates the investor’s risk appetite and serves as a reference when making investment decisions.

Conduct cyber due diligence: The investor conducts a business-relevant cybersecurity assessment of the target company in terms of people, processes and technology, as part of the due diligence evaluation and weighs the potential cyber risks against the valuation and strategic benefits of investment.

Determine appropriate incentive structure: In the early stage of investment negotiations, the investor clearly defines ongoing cybersecurity expectations, benchmarks and incentives for portfolio companies within investment mandates and term sheets.

Secure integration and development: The investor develops and follows systematic action plans to securely integrate the investment target according to the nature of the investment. These action plans span the secure integration of people, processes and technology, as well as define the support that the investor will offer to develop the target’s cybersecurity capabilities. The extent of integration may vary according to the type of investor (financial vs strategic) and the motivation for the investment.

Regularly review and encourage collaboration: The investor reviews the cybersecurity capabilities of its portfolio companies on a regular basis. These reviews assess adherence to the cybersecurity requirements set out by the investor and serve as a basis for sharing cybersecurity challenges, best practices and lessons learned across the investor’s portfolio.

Investing in innovation is one way to reduce the likelihood of unexpected disruption, identify ‘blue oceans’ (markets associated with high potential profits) and contribute to achieving desired returns. Whereas entrepreneurs drive innovation and experimentation, investors play an important role in helping them to grow, optimize and mature their businesses. Helping entrepreneurs to prioritize cybersecurity is one significant way in which investors can increase the likelihood of long-term success and a product’s resilience in the market, thereby strengthening the brand name and consumer trust.

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.

Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.

Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact info@c4c-weforum.org.

When investing in a technology company, investors need to consider the degree of cyber-risk exposure to understand how to manage and mitigate it. Investors play a critical role in leading their investment portfolio companies towards better security consideration and implementation.

Cyber expertise comprises not only technical know-how but also cybersecurity awareness in governance and investment. The principles and the cybersecurity due diligence assessment framework are designed for investors who want to include cybersecurity among the criteria for their investment consideration and decision. One of the main barriers to prioritizing cybersecurity is the lack of cyber expertise in the market. Yet every investor who understands the importance of cybersecurity in our technological age can ask the right questions to assess and understand a target’s cybersecurity preparedness, thus play a significant role in securing our shared digital future.
