It’s an ‘increasingly fragmented and unpredictable world’, according to the World Economic Forum’s Global Cybersecurity Outlook report, released during the body’s annual meeting at the Swiss ski resort of Davos.
In a foreword, the authors do see improvement in a ‘crucial area – awareness of cyber-risk issues, at the executive level, has gone up’. The report represented a challenge to leaders, the foreword went on; to think more deeply about cybersecurity and listen more intently to cyber experts, and to each other, to ensure shared resilience.
Business leaders are more aware of their cyber issues than a year ago. They are also more willing to address those risks. Nonetheless, cyber leaders still struggle to clearly articulate the risk that cyber issues pose to their organisations in a language that their business counterparts fully understand and can act on, the report said. Cyber attackers
are more likely to focus on business disruption and reputational damage, named as the top two concerns among respondents. Near all, 91pc of respondents believe that a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years.
Some, 43pc of organisational leaders think it is likely that in the next two years, a cyber attack will materially affect their own organisation. “This, in turn, means that in many cases, enterprises are devoting more resources to day-to-day defences than strategic investment.” Data protection and cyber concerns created by geopolitical fragmentation are increasingly influencing how businesses operate, and the countries they invest in. Executives acknowledge that their cyber risk is influenced by their supply chain’s security. As for what to do, the report suggests a security-focused culture, that ‘requires a common language based on metrics that translate cybersecurity information into measurements that matter’, to boards and the wider business.
On talent recruitment and retention, that continues to be a key challenge, the report admits. It suggests promoting inclusion and diversity; and ‘understanding the broad spectrum
of skills needed today can help organisations to expand their hiring pools’. Developing more skills in cyber will take time, thought and investment, the report acknowledges. You can download the report, written with the consulting firm Accenture, from the WEF website: https://www.weforum.org/agenda/2023/01/cybersecurity-storm-2023-experts-davos23/.
Comment
David Bicknell, Principal Analyst, Thematic Intelligence at GlobalData, says: “There will be no let-up from the cybersecurity threat in 2023 and beyond. Geopolitical strife, especially the Russia-Ukraine conflict, will be the genesis of continued cyber threats, and we will see continued ransomware attacks, possibly fuelled by artificial intelligence (AI). This will put under-resourced corporate cybersecurity teams under constant pressure. Curbing the payment of ransoms will eventually lead to fewer attacks, but that will take time.
“Despite fears of wide-ranging cyberattacks in the future, there is some light at the end of the tunnel. 2023 will be the year many organisations’ maturity levels when it comes to the adoption of zero-trust security architectures increases. A zero-trust approach to security should give organisations better long-term damage limitation, even in the face of a feared catastrophic cyberattack by 2025. This ensures all access to corporate applications is verified and authorised, strengthening defences against attack. In some cases, a zero-trust officer will be appointed to coax, cajole, and bully companies on their zero-trust journey.
“In 2023, we will also see wider use of passkeys as a replacement for passwords, and, following the conviction of Uber’s former chief information security officer (CISO) Joe Sullivan for failing to report the company’s 2016 data breach, a greater focus on the responsibilities of a CISO’s role.”
