There is a wide perception gap between business executives who think their companies are cyber resilient, and the people charged with cybersecurity at their organizations, according to a newly released report from the World Economic Forum. Only 19% of polled security leaders, including CISOs, CIOs, Chief Security Officers and VPs of Security, said they feel confident that their organizations can anticipate, withstand and recover from cyber threats.
Part of the problem is that there is confusion between cybersecurity and cyber resilience. The report defines cybersecurity as the ability to defend against an attack. Cyber resilience is about the ability to swiftly respond to incidents and recover. While 92% of business executives surveyed said cyber resilience is integrated into risk management strategies, only 55% of security-focused executives surveyed agree. CISOs and other security leaders said they are not being consulted on business decisions and struggle to gain the support of decision-makers in prioritizing cyber risks. “This gap between leaders can leave firms vulnerable to attacks as a direct result of incongruous security priorities and policies,” says the Global CyberSecurity Outlook 2022 report, which was compiled with the help of Accenture and published on January 18 during this week’s Davos Agenda, an online meeting organized by the Forum for leaders to share their outlook, insights and plans on the most urgent global issues.
“The report’s objectives are two-fold,” says Algirde Pipikaite, the Forum’s Cybersecurity Strategy Lead. “One is producing the research so we can equip cyber leaders with data to help them make business leaders understand there is a perception gap,” she says. “The second is to directly address boards, policy makers and CEOS. What we want is for non-technical non-cyber executives to be able to understand the main challenges and main priorities that they need to focus on in 2022, especially elevating cybersecurity to a strategic level topic.
Cyber Crime Is Soaring
The accelerating pace of digitalization has led to record-breaking cybercrime. Ransomware attacks rose 151% in 2021, according to the report. Social-engineering attacks and attacks by insiders, i.e. organization’s current or former employees, contractors or trusted business partners who misuse their authorized access to critical assets in a manner that negatively affects the organization, are two other big concerns. There were on average, 270 cyberattacks per organization during 2021, a 31% increase on 2020, with each successful cyber breach costing the company $3.6 million. After a breach becomes public the average share price of the hacked company underperforms the NASDAQ by -3% even six months after the event.
Companies Are Woefully Unprepared
Companies need on average 280 days to identify and respond to a cyberattack, according to the report. Recruiting and maintaining cybersecurity talent is a major concern. When asked whether their organization had the skills needed to respond and recover from a cyberattack, the survey found that 50% of all respondents would find it challenging to respond due to the shortage
of skills within their team, and less than 25% of companies with 5,000 to 50,000 employees, “have the people and skills [they] need today”. Many respondents said they rely on third parties to support them when a cyber incident occurs.
Securing The Supply Chain
Security leaders are not just worried about their own organization’s ability to respond. They are concerned about vulnerabilities in their supply chain and other third-party partnerships. In the survey 88% of respondents indicated that they are concerned about cyber resilience of small and medium-sized enterprises (SMEs) in their ecosystem. The survey found that almost 40% of respondents have been negatively affected by a third-party vendor/supply chain organization cybersecurity incident. Nearly half (44%) of the surveyed CEOs indicated that software supply chain attacks will have the greatest influence on their organization’s approach to cybersecurity in the future. Many do not trust that their vendors are ready for the challenge: 58% of respondents feel that their partners and suppliers are less resilient than their own organization.
Building Resilience
In the hopes of helping companies build better cyber resilience the Forum, in collaboration with the National Association of Corporate Directors (NACD) and Internet Security Alliance (ISA), is developing guidance for the corporate governance of cyber risk and has produced a toolkit for boards.
The Forum’s Centre for Cybersecurity is also working on a Cyber Resilience Index to help businesses evaluate their readiness and benchmark against the preparedness of other companies in their industries and in their regions.
“We want to establish a trusted index for cyber resilience benchmarks,” says Pipikaite. “What we are hearing is ‘ do not tell us what the best funded organizations are doing because we don’t have the budget or the staff to replicate that nor do we have the same compliance requirements.’ Instead, companies want to know what others in their sector and their region are doing. They need to know if they are underinvesting or overinvesting, time wise, in terms of human capital, policy and strategy.”
The Forum is seeking input on the cyber resilience index from corporates, NGOS, academics and regulators. “We are actively seeking diverse points of view in order to cover as many angles as possible,” Pipikaite says. The goal is to establish a cyber risk framework and a benchmark index by June and to launch a pilot with the oil and gas sector, she says.
IN OTHER NEWS THIS WEEK:
CYBERSECURITY
Russia Arrests Hackers Tied To Major U.S. Ransomware Attacks
The Russian government said it had arrested members of the prolific criminal ransomware group known as REvil that has been blamed for major attacks against U.S. business and critical infrastructure, disrupting its operations at the request of U.S. authorities.Russia’s security service, the FSB, said in an online press release that it had halted REvil’s “illegal activities” and seized funds belonging to the group from more than two dozen residences in Moscow, St. Petersburg and elsewhere. REvil members were arrested in relation to money-laundering charges, the FSB said. It didn’t provide names of any of the suspects.The arrests included “the individual responsible for the attack on Colonial Pipeline last spring,” a particularly devastating ransomware offensive that led to the main conduit of fuel on the U.S. East Coast being shut down for days, a senior Biden administration official said.
RETAIL
Amazon Is Opening A Real-World Clothing Store With High Tech Fitting Rooms
Amazon is opening a clothing store in the physical world. The first Amazon Style store, located in the Los Angeles suburb of Glendale, Calif., will open its doors later this year, the company announced Thursday.The store will feature women’s and men’s apparel, shoes, and accessories from a mix of well-known and emerging brands, with prices catering to a wide range of shoppers.When shoppers walk into the store, they’ll see “display items,” featuring just one size and color of a particular product; the remaining inventory for each product will kept in the back of the store. After logging into the Amazon app on a smartphone, they’ll scan a QR code on the item to view additional sizes, colors, product ratings and other information, such as personalized recommendations for similar items. After scanning the QR code on an item, shoppers can click a button in the Amazon app to add the item to a fitting room or send it to a pickup counter.
Chinese E-Commerce Giant Tests New Model In Europe
JD.com, the second-largest e-commerce platform in China, has opened two “robotic” shops in the Netherlands as it tests a new shopping model in the European market.Branded as Ochama, combining the concepts of “omnichannel” and “amazing”, the stores merge online ordering with pickup shops where robots prepare parcels for collection and home delivery services are offered, the company said in a statement.This is the first time that the Beijing-based tech giant, which has expertise in retail and logistics technologies, has opened a physical retail store in Europe. The first two shops will be in Leiden and Rotterdam.
Shopify Steps Up China Expansion Through Tie-Up With E-Commerce Giant JD.com
Shopify has partnered with Chinese e-commerce giant JD.com to help U.S. merchants sell their goods in the world’s second-largest economy.The deal marks a significant step up in Shopify’s China expansion and is another step in JD’s internationalization efforts.JD said it will open an “accelerated channel” for brands on Shopify to begin selling via its cross-border e-commerce site in China. Merchants can set up shop in three-to-four weeks rather than the typical 12 months that it takes foreign brands to begin selling in China, JD said. JD will handle the price conversion as well as logistics from U.S. to China. Shopify and JD will also “collaborate to simplify access and compliance for Chinese brands and merchants looking to reach consumers in Western markets,” they said.
Walmart, Ralph Laurent Preparing To Enter The Metaverse
CNBC reported that Walmart appears to be venturing into the metaverse with plans to create its own cryptocurrency and collection of nonfungible tokens, or NFTs.The big-box retailer filed several new trademarks late last month that indicate its intent to make and sell virtual goods, including electronics, home decorations, toys, sporting goods and personal care products. In a separate filing, the company said it would offer users a virtual currency, as well as NFTs.
Meanwhile Ralph Lauren CEO Patrice Louvet said January 17 that the fashion brand is chasing opportunities in the metaverse as a way to attract younger shoppers. At the National Retail Federation’s annual conference, he said consumers can already buy Ralph Lauren’s digital apparel and make a virtual visit — or even have a virtual coffee — at the company’s Madison Avenue store. He said the retailer is considering whether to buy real estate in that digital world, where e-commerce, gaming and social media collide.
FINANCIAL SERVICES
Google Resets Its Foray Into The Banking Sector
Google has hired PayPal exec Arnold Goldberg to help reset its ambitions for banking and payments. The tech giant’s most recent foray into the banking sector, Plex, was killed off after bank’s got cold feet about giving the firm a leg-up into the current accounts business. Google’s President of Commerce Bill Ready says Arnold’s recruitment is part of a broader strategy to take a more nuanced approach to financial services and the payment industry, including cryptocurrencies. “We’re not a bank,” Ready told Bloomberg. “We have no intention of being a bank. Some past efforts, at times, would unwittingly wade into those spaces.” Google wants to become the connective tissue for the entire consumer finance industry, not just certain partners, according to Ready.
ENTERTAINMENT
Meta’s Plans For The MetaVerse
The Financial Times has reviewed hundreds of applications by Meta (the company formerly known as Facebook) to the US Patent and Trademark Office, many of which were granted this month. They reveal that Meta has patented multiple technologies that wield users’ biometric data in order to help power what the user sees and ensure their digital avatars are animated realistically. But the patents also indicate how the Silicon Valley group intends to cash in on its virtual world, with hyper-targeted advertising and sponsored content that mirrors its existing $85 billion-a-year ad-based business model. This includes proposals for a “virtual store” where users can buy digital goods, or items that correspond with real-world goods that have been sponsored by brands.
Some of the patents relate to eye and face tracking technology, typically collected in a headset via tiny cameras or sensors, which may be used to enhance a user’s virtual or augmented reality experience, according to the FT article. For example, a person will be shown brighter graphics where their gaze falls, or ensuring their avatar mirrors what they are doing in real life. One Meta patent, granted on January 4, lays out a system for tracking a user’s facial expressions through a headset that will then “adapt media content” based on those responses. There is a “wearable magnetic sensor system” to be placed around a torso for “body pose tracking”.Another patent proposes an “avatar personalisation engine” that can create three dimensional avatars based on a user’s photos, using tools including a so-called skin replicator.
“The objective is to create 3D replicas of people, places and things, so hyper-realistic and tactile that they’re indistinguishable from what’s real, and then to intermediate any range of services . . . in truth, they’re undertaking a global human-cloning program,” Noelle Martin, a legal reformer who has spent more than a year researching Meta’s human-monitoring ambitions with the University of Western Australia, told the Financial Times.
Microsoft’s Activision Blizzard Deal To Power Its Netflix Of Gaming Ambition
With its $75 billion deal for Activision Blizzard, Microsoft aims to shake up the gaming industry by building out its library of blockbusters and bolstering its efforts to entice consumers onto its cloud-gaming service.
BEAUTY AND HEALTHCARE
Alphabet In Skincare Deal With L’Oreal
Alphabet money-losing health tech arm Verily said it would study skin health and explore new products with cosmetics maker L’Oreal. The company declined to disclose terms of what it called a “strategic, multi-year partnership and research collaboration” with L’Oreal. Dr. Amy Abernethy, president of Verily’s clinical research platforms, said the company’s technology will underpin a longitudinal examination into skin issues and environments and behaviors possibly affecting them. Results could aid development of diagnosis and treatment options. Abernethy, who has worked closely with skin cancer patients, noted that existing technology struggles to differentiate between similar-looking skin conditions.By working together, the companies’ aim is to “power every single person with access to the most inclusive and personalized information on their skin management,” said Barbara Lavernos, deputy chief executive officer at L’Oreal.
FOOD AND AGRICULTURE
Tnuva Partners On New Cultured Beef Venture
Israeli food giant Tnuva is setting its sights on the cultured meat market with its own startup that will develop lab-grown beef in partnership with biotech firm Pluristem Therapeutics, a Haifa-based cell therapy company traded on the Nasdaq.
ENERGY
Engie Eyeing Saudi Arabia, Oman Green Hydrogen Projects
French utilities company Engie is eyeing participating in green hydrogen projects in Saudi Arabia and Oman amid plans to jointly develop at least 2 GW of projects with Abu Dhabi-based renewables company Masdar in the UAE and abroad by 2030, a company official told S&P Global Platts Jan. 19.
MOBILITY
Ford Signs Five Year Payments Deal With Stripe As Part Of E-Commerce Drive
Online payment processor Stripe has signed up Ford Motor Company as a customer, in a five-year deal aimed at bolstering the automotive giant’s e-commerce strategy. Ford Motor Credit Company, the carmaker’s financial services arm, will use Stripe’s technology to process digital payments in markets across North America and Europe, the companies said in a statement Monday. Stripe will handle transactions for consumer vehicle orders and reservations, as well as bundled financing options for Ford’s commercial customers. The automaker also plans to use Stripe to route a customer’s payment from its website to the correct local Ford or Lincoln dealer.
To access more of The Innovator’s News In Context articles click here.
