Cybersecurity leaders are recognizing the fact the cyber ecosystem is growing more complicated and due to this cyber risk related incidents are growing.
The World Economic Forum’s Centre for Cyber security, remains committed to bridging the gaps between the public and private sectors and between cyber and business leaders.
The report serves as an instrument to distil cyber-risk issues into achievable insights tailored to today’s executives.
This report invites leaders not only to recognize the hurdles but also to actively embrace the opportunities for positive change. It is a call for collective effort and innovation, urging leaders to work collaboratively towards a more secure, resilient and trustworthy digital future
Cyber Ecosystem risk is becoming more problematic
For any organization, the partners in its ecosystem are both the greatest asset and the biggest hindrance to a secure, resilient and trustworthy digital future. – 41% of the organizations that suffered a material incident in the past 12 months say it was caused by a third party. – 54% of organizations have an insufficient understanding of cyber vulnerabilities in their supply chain.
Even 64% of executives who believe that their organization’s cyber resilience meets its minimum requirements to operate say they still have an inadequate understanding of their supply-chain cyber vulnerabilities. – 60% of executives agree that cyber and privacy regulations effectively reduce risk in their organization’s ecosystem – up 21% since 2022.
90% of cyber leaders who attended the Annual Meeting on Cyber security believe that inequity within the cybersecurity ecosystem requires urgent action.
There is growing cyber inequity between organizations that are cyber resilient and those that are not What is the state of your organization’s cyber resilience this year?
Fig1
Emerging technologies will exacerbate long-standing challenges related to cyber resilience.
Fig2
93% of leaders of organizations excelling in cyber resilience trust their CEO to speak externally about their cyber risk
When asked Cyber regulations are perceived to be an effective method of reducing cyber risks. Do you believe cyber and privacy regulations effectively reduce cyber risks?
Alignment between cyber and business is becoming more common. Organizations (including both business and cyber leaders) must continue to invest in and maintain an awareness of essential security fundamentals.
29% of organizations reported that they had been materially affected by a cyber incident in the past 12 months.
The largest organizations say that the highest barrier to cyber resilience is transforming legacy technology and processes.
There is a clear link between cyber resilience and CEO engagement. This year, 93% of respondents that consider their organizations to be leaders and innovators in cyber resilience trust their CEO to speak externally about their cyber risk.
Of organizations that are not cyber resilient, only 23% trust their CEO’s ability to speak about their cyber risk.
The cyber skills and talent shortage continues to widen at an alarming rate
The smallest organizations are more than twice as likely as the largest to say they lack the cyber resilience they need to meet their minimum critical operational requirements.
At the other end of the spectrum, the highest-revenue organizations are 22% more confident than the smallest organizations that their cyber resilience exceeds their operational needs.
And yet the smallest-revenue organizations are also a troubling three times more likely to lack the cyber skills they need to meet their cyber-resilience objectives.
In 2022, 6% of leaders reported that they were missing the skills and people they needed to respond to a cyber incident. In 2023, this doubled to 12%. This year, when asked whether their organization has the skills it needs to accomplish its cyber objectives, 20% said that they do not.
For those large organizations reporting that they are leaders in cyber resilience, the emergence of this drastic drop in cyber resilience of small organizations should be especially alarming.
Core drivers of cyber inequity
- Some organizations prioritized resilience incorporated it into corporate culture and invested accordingly, while others did not.
- Some sectors more strictly regulated their members – for example, out of concern for human safety or national security, to safeguard personally protected information, or to protect the global financial system. Other organizations were forced to contend with a more hostile threat landscape and suffered a significant, often public incident.
- Over time, differences in organizational, sectoral and country-specific circumstances, as well as varied responses to universal cyber challenges, separated the market into clear leaders and stragglers.
- 90% of the 120 executives surveyed at the World Economic Forum’s Annual Meeting on Cyber security said that urgent action is required to address this growing cyber inequity. There is evidence of an appetite for systemic collaboration that supports SMEs.
(Image courtesy: www.europeandefenseagency)
