Firms have been on an ongoing journey towards digital. The pandemic was the spark that picked up the pace on digitalisation and improved practices and approaches for many businesses. However, these organisational changes have also left many open to cyber attacks – which are only becoming more frequent, damaging and costly. Cyber threats are only going to increase as more sophisticated tools and methods become widely available to threat actors.
The World Economic Forum’s (WEF) 2022 global cybersecurity report echoes this but goes further to examine insights about the state of cyber resilience, perception gaps between executives, the threat of ransomware, the risk around small and medium-sized enterprises (SMEs), and the need for clear regulation to support information exchanges.
The WEF’s survey found that 81% of respondents believe that, among many factors pushing cybersecurity as a priority, the ongoing digital transformation is fuelling improvements in cyber resilience. The acceleration in digitalisation, driven by the pandemic and the subsequent changes in working approaches has shone a spotlight on cyber resilience.
A clear majority - 87% - of executives plan to enhance their organisational protection by strengthening resilience policies, processes and standards for how to engage and manage third parties.
The increased risk from digitalisation must be mitigated with awareness from senior leadership teams.
The report also highlighted the perception gaps between security-focused executives, such as chief information security officers, and business executives - chief executive officers. This explains why security professionals are left out of commercial decision that impact the cybersecurity and leaves firms vulnerable.
The gaps were identified in three primary areas:
Firms should aim to reduce these gaps through effective communication and embedding of security frameworks into business decisions.
Most cyber leaders emphasised that ransomware is a dangerous and evolving threat to public safety. The survey confirmed that ransomware attacks are at the forefront of cyber leaders’ minds; they are acutely aware of these types of attacks, with 50% of respondents indicating that ransomware is one of their biggest concerns among cyber threats.
Social engineering and malicious insiders were respectively the second and third ranked concerns for cyber leaders.
Firms should ensure they have strong measures in place to reduce the risk from these cyber threats, often starting with educating employees and promoting the understanding of main risks.
88% of respondents highlighted worries over the cyber resilience of SMEs that operate in their supply chains, partner networks and ecosystems.
Firms can look to map how their security systems interact with other companies and identify weaknesses. Then they can collaborate with SMEs to reduce the threat of compromising security.
The survey also showed that there is demand from cyber professionals for clear regulation to allow and encourage information sharing and collaboration. These types of exchanges are valuable, as 90% of respondents noted that information from external information-sharing groups and/or partners provide actionable insight.
Firms must understand what security and resilience means for them, especially if they are undertaking a digital transformation. Regulators and consumers are increasingly focused on the risk of threats and attacks, making cyber a commercial priority.
If you want access to leading advice, consultancy and support, we offer a range of services across cyber. Our cybersecurity team, led by Nick Smith, have provided security audits across sectors. Talk to us for advice and quotations on our services.