Over 150 global leaders and cybersecurity experts from the public and private sectors gathered in Geneva at the World Economic Forum’s headquarters to exchange tales from the trenches and examine how to better arm companies and organizations against cyber attacks that are increasing in frequency and sophistication. A panel entitled “Can The Market Fix It” — one of three moderated by The Innovator’s Editor-in-Chief Jennifer L. Schenker — looked at how to make privacy by design and security by design a standard. Panelists discussed whether there are new communities besides government and investors who could play an important role in shaping or creating new market incentives to improve cyber security in innovation, new technologies and services.

There was general agreement that large established companies could help lift all boats by imposing strict cybersecurity compliance standards on all of their supply chain partners and startups they do business with. Key to making such a system work would be the establishment of a globally accepted cyber-hygiene rating system, though it is still unclear how, and how quickly, such a system could be established. Some participants said they believe there is an opportunity for the World Economic Forum to play a role.

There was also agreement that there need to be clearer rules around liability. Questions that need to be answered include: What happens when companies become collateral damage in state-led cyberwarfare? Do insurers need to rethink and be more transparent about what cyber insurance policies cover? Should a small company that is being acquired be required to indefinitely accept 50% of the liability in case of a future cyber breach? There was much talk at the conference about how companies can limit their liability through proactive measures.

Many business leaders feel unprepared to deal with cybersecurity. Boards and C-Suite executives need to be educated so that they can properly assess the company’s risk and develop action plans. Employees also need to be educated as the majority of cyber incidents are their fault. Participants shared how their companies are encouraging positive behavioral changes by supplementing training with gamification in the form of cash rewards or by giving medals to business units that have the best cyber-hygiene track record. Such methods are being paired with the use of behavioral analytics technology to spot anomalies in employee behavior.

To prevent external attacks, speakers at the conference said that trust needs to be established so there is more sharing of best practices and knowledge about new viruses, worms and other types of hacks within industry groups. Closer collaboration with law enforcement was also encouraged.

The Forum’s Centre For Cybersecurity, which organized this week’s conference, said it plans to deliver the following ten messages to global leaders in Davos in January:
· It is the responsibility of public and corporate leaders to take ownership of the challenge to ensure global cybersecurity and digital trust.
· Board and C-Suite members need to gain a better understanding of the cyber risks to which their organization is exposed and of their cyber readiness, to be able to take more informed investment and resourcing decisions to enhance preparedness and resilience to attacks.
· Both public and private organizations need to improve their cyber crisis management, develop holistic response and recovery plans, including a crisis communication plan strategy, to limit economic, reputational and legal consequences.
· Leaders need to create a culture of cybersecurity from the entry level to the top leadership of an organization — creating awareness won’t suffice, but regular training and practical exercises can make a real difference.
· Leaders may need to rethink organizational structures and governance to enable a better cybersecurity posture and break silos.
· Innovation in cybersecurity and rapidly evolving technologies, such as AI, identity management and quantum, call for greater investment to stay ahead of cybercriminals who are adopting those technologies even faster and to their advantage.
· Global cooperation across the public and the private sectors is vital. Among the dimensions to be prioritized are information-sharing, business cooperation with law enforcement agencies, and skills and capacity development, particularly in emerging economies.
· Maintaining an open and secure Internet requires there be a collaborative effort between the public and private sectors. Agreed Internet Service Provider Principles are a major step towards reinforcing safety and trust in cyberspace.
· Trusted and verified cybersecurity ratings are required for the assessment and improved understanding of an organization’s cybersecurity posture and how it ranks with peers. Cybersecurity should be one element of a broader scorecard to evaluate for organizational resilience.
· The World Economic Forum and its Platform for Shaping the Future of Cybersecurity and Digital Trust aims to provide a neutral, trusted and globally recognized platform to facilitate cooperation and deliver tangible impact on the systemic challenge of global cybersecurity.