More than 45 countries will hold elections this year to determine who governs more than 50% of the world’s GDP. With the proliferation of new technologies like Generative AI and their use by cyber criminals becoming more widespread, safeguarding the integrity and fairness of the election process will be a top priority for cybersecurity professionals, says a new World Economic Forum report. Geopolitical instability will also be top of mind as attacks against critical infrastructure and elements of supply chains, such as ships on the Red Sea, shift the risk landscape and threaten to have a macro impact.
These threats are not the only ones impacting the cybersecurity outlook in 2024. The increasingly stark divide between cyber resilient organizations and those that are less prepared has emerged as a key risk, says the report, which was compiled by the Forum, in collaboration with Accenture.
While large organizations have made gains in cyber resilience, small and medium sized businesses have shown a notable decline. “The healthy middle has shrunk from 67% in 2022 to around 36%,” Akshay Joshi, Head of Industry and Partnerships for the Forum’s Centre for Cybersecurity, said in an interview during the Forum’s annual meeting in Davos January 15-19. “Those that do not have the resources to invest are feeling the pain even more than before.”
The drastic drop in cyber resilience of the small companies that form the backbone of many economies threatens the integrity of the entire cyber ecosystem, says the report. Indeed, 90% of cyber leaders who attended the Forum’s Annual Meeting on Cybersecurity believe that this inequity requires urgent action.
Some 41% of the organizations surveyed by the Forum that had suffered a material incident in the past 12 months said it was caused by a third party and a 2023 report from SecurityScorecard and the Cyentia Institute found that “98% of organizations have a relationship with at least one third party that has experienced a breach in the last two years.”
These breaches are unlikely to disappear anytime soon, according to a Forum survey of executives last June and November. Some 64% of executives who believe their organizations are cyber ready say they don’t have an adequate understanding of their supply chain cyber vulnerabilities, increasing their own chances of a cyberattack.
What’s more among ill-prepared small organizations– which are often unable to prevent critical operational disruption from an incident and can incur disproportionate financial loss to recover –only 25% carry cyber insurance. That’s three times less likely than the largest organizations by revenue, which report a 75% cyber-insurance adoption rate. As the prices of cyber insurance continues to rise exponentially, the expectation is that this gap will widen in parallel, leaving smaller organizations with even fewer options to reduce their risk and keep their businesses from collapsing, the report says.
The growing inequity involves not just companies but countries and mirrors other global development indicators, says the report. Latin America and Africa reported the highest number of insufficiently cyber-resilient organizations, while North America and Europe reported the lowest number, the report says.
The technological divide between organizations and nations that can adequately handle cyberattacks poses both a threat to the entire ecosystem and outsized risks to those that are already vulnerable, says the report.
What is a needed, says an executive at financial services firm Sun Life who is quoted in the report, is to “design risk-appropriate, affordable and fit-for-use cyber-resilience architectures for large multinational and SMES alike.”
The Technology Gap
However, the report notes that technologies used for cybersecurity are becoming so sophisticated that even if they could afford them SMEs might not be able to operate them.
Emerging technology is becoming available more widely and far faster than in the past but is not distributed evenly. For example, large corporates are rapidly embracing the use of generative AI.
Nearly half of leaders surveyed by the Forum say they believe generative AI will have the most significant impact on cyber security in the next two years, says Joshi. While 56% of leaders surveyed said that generative AI will advantage cyber attackers in the next two years, helping them to craft better phishing emails, spread disinformation and improve their malware, it is also expected to help corporates improve cybersecurity as Generative AI Large Language Models (LLMs) can be used as a way of automating or assisting analysts with threat-hunting, says Joshi. “Long term the opportunities outweigh the risks,” he says. But using sophisticated new technologies requires the right people with the right skill sets and they are in short supply.
The Skills Gap
There is a massive shortage of cybersecurity professionals, says Joshi. More than 600,000 cybersecurity jobs remain unfilled world-wide and the vacancies are increasing.
In 2022 6% of leaders reported that they were missing the skills and people they need to respond to a cyber incident. In 2023, this doubled to 12%. This year, when asked whether their organizations had the skills needed to accomplish cyber objectives 20% said they do not, according to the Forum report.
Here, too ,the inequity gap is widening: 31% of leaders from the smallest organizations by revenue reported they are missing critical people and skills; yet only 11% of leaders from the largest organizations said the same, according to the Forum report.
Forum research indicates that by 2027 44% of workers’ core skills will be disrupted because technology is moving faster than companies can design and scale their training. This is true in cybersecurity, where the talent gap continues to pose very real challenges across public and private industries. To address this organizations must tap into new talent pools and provide employees with training.
To that end the Forum has launched an initiative called “Bridging The Cyber Skills Gap.” “Over 50 organizations are working on this,” says Joshi. The challenge for organizations is to identify employees that can be upskilled and begin careers in cybersecurity. “We need to find the right incentives and create the right narrative around cybersecurity that inspires people to join,” he says.
Building Ecosystem Resilience
Building systemic cyber resilience will depend on the ability of countries and companies to scale their upskilling efforts, the quantity and quality of industry collaborations, the effectiveness and clarity of regulations, the maturity and accessibility of the cyber insurance market and the extent to which organizations understand cyber risk coming from their own supply chains and third-party relationships, says the Forum report. However, only 23% of leaders surveyed are optimistic that industry and ecosystem collaboration will significantly improve in the next two years.
Action is needed to change the current trajectory, says the report, as the struggle to maintain high-quality or even adequate cyber resilience is fast becoming a zero-sum game. If companies and governments don’t mind the gaps, says the report, the interconnection of the digital economy makes it inevitable that the negative effects will compound, affecting everyone.
To access more of The Innovator’s Cybersecurity articles click here.
