Cyber risk is an obvious outcome of increased digitalisation. The pandemic brought with it greater digitalisation along with increased cyber incidents that paralysed critical services and infrastructure. And this trend shows no signs of abating.
A recent report from the World Economic Forum analyses cyber leaders’ perceptions and outlook towards cybersecurity and cyber resilience.
There’s a lot happening over the internet now. The amount of data created has surpassed expectations.
Exhibit 1: Estimated amount of data created on the internet in one minute
The cost of breaches has also risen, with companies requiring on average 280 days to identify and respond to a cyberattack. Globally, ransomware attacks rose significantly by 151% in the first six months of 2021.
Exhibit 2: Top three cyberattacks organisations are most concerned about
But what cyber leaders fear the most is infrastructure breakdown due to a cyberattack.
Exhibit 3: Personal cybersecurity concerns of cyber leaders
Cyber leader confidence
Cyber leaders are also equally confident of their cyber resilience. The report found that more than 84% considered cyber resilience a business priority, while 87% are already strengthening cyber resilience by developing policies, processes and/or standards on how to engage third parties.
Exhibit 4: Cyber leader confidence
Evolving cyber leader roles
Cybersecurity leaders are now constantly expected to juggle responsibilities of protecting their organisations from cyber threats, while managing and responding to critical business functions.
Exhibit 5: Cyber leaders: Security-focused and business executives
The report further details three main gaps between a security-focused executive (for example, chief information security officer) and a business executive (for instance, chief executive officer).
Exhibit 6: Three gap areas between security-focused and business executives
Differences in perceiving cyber resilience
There is a wide disconnect in how business executives perceive cyber resilience than a cybersecurity leader. There needs to be a two-way communication that will establish a link for both these leaders to share their expertise in achieving organisational growth.
Exhibit 7: Differences in perceiving cyber resilience as a business priority
The report also points to lack of leadership support that security-focused leaders face globally in terms of sufficient cybersecurity budget and decision-making powers.
Exhibit 8: Differences in perceiving the integration of cyber resilience into enterprise risk management
Cyber regulations and legal decisions are shaping the future of cybersecurity. But would that be enough? As Jim Alkove, Chief Trust Officer, Salesforce, frames it, “Business leaders must implement a cybersecurity strategy with an eye towards what’s needed to build a trusted enterprise, not just to meet minimum requirements from a legal or regulatory perspective. Consider the expectations of all stakeholders—customers, employees and partners included—and work to achieve, if not exceed, those measures.”
Lack of cybersecurity professionals
Cybersecurity professionals are in short supply in the market. Less than 25% of the companies with 5,000 to 50,000 employees have the needed people and skills to counter cyberattacks today.
Exhibit 9: Skills and talent currently available to cyber leaders to counter cyberattacks
Additionally, cyber leaders are also not sharing information openly about their cyber resilience practices and capabilities.
Exhibit 10: Are cyber leaders sharing information about their cyber-resilience practices and capabilities across the ecosystem?
Securing the ecosystem
It is imperative for organisations to develop resilient cyber policies, processes and/or standards along with a transparent information sharing process to push for a cyber resilient ecosystem.
Exhibit 11: Actions to secure the ecosystem
Going forward, every leader should factor in the opportunities and challenges that each emerging technology brings when adopting or implementing it. Business leaders should also prioritise safe cybersecurity practices along its entire value chain. Although cyber incidents cannot be snubbed out in its entirety, at least organisations can be better prepared for future threats.
