Digitalisation projects leave firms vulnerable to increasingly frequent cyber incidents. Nick Smith discusses the key lessons from the WEF’s 2022 global cybersecurity report, including what firms can do to protect against attacks and improve resilience.
Firms have been on an ongoing journey towards digital. The pandemic was the spark that picked up the pace on digitalisation and improved practices and approaches for many businesses. However, these organisational changes have also left many open to cyber attacks – which are only becoming more frequent, damaging and costly. Cyber threats are only going to increase as more sophisticated tools and methods become widely available to threat actors.
The World Economic Forum’s (WEF) 2022 global cybersecurity report echoes this but goes further to examine insights about the state of cyber resilience, perception gaps between executives, the threat of ransomware, the risk around small and medium-sized enterprises (SMEs), and the need for clear regulation to support information exchanges.
Cyber is a strategic priority
The WEF’s survey found that 81% of respondents believe that, among many factors pushing cybersecurity as a priority, the ongoing digital transformation is fuelling improvements in cyber resilience. The acceleration in digitalisation, driven by the pandemic and the subsequent changes in working approaches, has shone a spotlight on cyber resilience.
A clear majority - 87% - of executives plan to enhance their organisational protection by strengthening resilience policies, processes and standards for how to engage and manage third parties.
The increased risk from digitalisation must be mitigated with awareness from senior leadership teams.
Perception gaps raise risks
The report also highlighted the perception gaps between security-focused executives, such as chief information security officers, and business executives - chief executive officers. This explains why security professionals are left out of commercial decisions that impact cybersecurity, which leaves firms vulnerable.
The gaps were identified in three primary areas:
Cyber is a priority in business decisions: 92% of business executives agreed that cyber resilience is integrated into enterprise risk-management strategies, while only 55% of security-focused leaders surveyed agreed.
Senior leadership supports cybersecurity: 84% of professionals believe that cyber resilience is considered a business priority, but only 68% see cyber resilience as a major part of their overall risk management.
Cybersecurity talent is difficult to find: The survey found that 59% of all respondents would find it challenging to respond to an incident due to the shortage of skills. Talent recruitment and retention was identified by the majority as the most challenging part, but business executives seem less aware of the gaps than their security-focused counterparts, who perceive their ability to respond to an attack with adequate personnel as one of their main vulnerabilities.
Firms should aim to reduce these gaps through effective communication and embedding of security frameworks into business decisions.
Ransomware tops threat concerns
Most cyber leaders emphasised that ransomware is a dangerous and evolving threat to public safety. The survey confirmed that ransomware attacks are at the forefront of cyber leaders’ minds; they are acutely aware of these types of attacks, with 50% of respondents indicating that ransomware is one of their biggest concerns among cyber threats.
Social engineering and malicious insiders were respectively the second and third ranked concerns for cyber leaders.
Firms should ensure they have strong measures in place to reduce the risk from these cyber threats, often starting with educating employees and promoting the understanding of main risks.
SMEs endanger organisational security
88% of respondents highlighted worries over the cyber resilience of SMEs that operate in their supply chains, partner networks and ecosystems.
Firms can look to map how their security systems interact with other companies and identify weaknesses. Then they can collaborate with SMEs to reduce the threat of compromising security.
Encouraging information sharing and collaboration
The survey also showed that there is demand from cyber professionals for clear regulation to allow and encourage information sharing and collaboration. These types of exchanges are valuable, as 90% of respondents noted that information from external information-sharing groups and/or partners provides actionable insight.
What can firms do now?
Firms must understand what security and resilience mean for them, especially if they are undertaking a digital transformation. Regulators and consumers are increasingly focused on the risk of threats and attacks, making cyber a commercial priority.
If you want access to leading advice, consultancy and support, we offer a range of services across cyber. Our cybersecurity team, led by Nick Smith, have provided security audits across sectors. Talk to us for advice and quotations on our services.