Improved Cyber Security Could Save Global Economy Trillions: World Economic Forum

According to a new report released by the World Economic Forum, failure to improve cyber security on a global scale could cost the world economy trillions of dollars in economic value and lead to more frequent cyber attacks.

The report, Risk and Responsibility in a Hyperconnected World, written in collaboration with McKinsey & Company, examines the need for new approaches to increase resilience against cyber attacks.

Released this week during the posh World Economic Forum Annual Meeting in Davos-Klosters, Switzerland, the report draws on knowledge and opinions derived from over 300 global executives, government figures, civil society and experts from different business sectors.

According to statistics cited by the World Economic Forum, technology trends such as cloud computing and big data have the potential to create between $9.6 trillion and $21.6 trillion in value for the global economy. However, the report notes, if attacker tactics outpace the capabilities of defenders, more destructive attacks will result and spark a wave of new regulations and corporate policies that could slow innovation with a massive economic impact.

Aerial photo from the new, futuristic and stylish Intercontinental Hotel in Davos, Switzerland. The Annual Meeting 2014 of the World Economic Forum will take place in Davos from January 22 to 25, 2014. (Image Credit: World Economic Forum)

The report outlined three different scenarios for how things could look in 2020, based on the conceivable value created from innovations in technology that could be affected by global organizations’ ability to defend against cyber attacks.

In what some may suggest is a casting of fear, uncertainty and doubt (FUD), the report illustrates a scenario where the frequency of attacks significantly escalates, and international cooperation to combat the proliferation of cyber weapons proves elusive. As a result, the report predicts that government “cyber resilience regulations” would become more directive, and disturb adoption of innovative technologies. Under this scenario, the World Economic Forum projected that as much as $3 trillion in value created by adopting these technological innovations would remain unrealized.

In a less gloomy scenario, if attackers retain an advantage over defenders but defenders are able to respond to cyber threats reactively yet successfully, adoption of innovative technologies would slow, but not to the same level as in the scenario above. Under these conditions, the threat level increases incrementally as more sophisticated cyber weapons leave defenders behind attackers. In this scenario, as much as $1.02 trillion in value from technological innovation would be left unrealized over the next five to seven years, the report said.

In a best-case scenario, the report suggests that proactive action and successful cooperation between the public and private sectors would limit the proliferation of cyber weapons and attack tools, build institutional capabilities and stimulate innovation. As a result, technological innovation would be enabled, “accelerating digitization and creating significant economic value over the remainder of this decade.”

According to those interviewed for the report, large institutions often lack the facts and processes to make and implement effective decisions about cyber resilience.

“Most large institutions do not systematically understand which information assets need to be protected, who are their attackers, what is their risk appetite or which is the most effective set of defense mechanisms,” the report explained.

While resources need to be allocated to cyber security, the report found that security spending and effectiveness do not always go hand in hand.

Companies that spend more on “cyber resilience” do not necessarily manage cyber risks in a more mature way—many are just throwing money at the problem, the report said.

“Developing resilience to cyber risks in our economic and social systems is not a question of simply building walls for security,” said Alan Marcus, Senior Director and Head of Information Technology and Telecommunications Industries at the World Economic Forum USA. “There are trade-offs to be made with other goals we wish to value, such as privacy, growth, innovation, and the free flow of goods and data. But to make good decisions, we need better data.”

To protect against the strategic and economic effects of such costly attacks, the report outlines ways to build awareness, understanding and action with top public and private sector leaders. It also assesses the economic impact of concerns around cyber risks, proposes a global framework aimed at coordinating collaboration, and provides a capabilities-based roadmap for businesses and governments.

Taking Action

Organizations need to prioritize information assets based on business risks and integrate cyber resilience into enterprise-wide risk management, the report said. Additionally, organizations should differentiate protection based on the importance of assets, develop deep integration of security into the technology environment and deploy active defenses to uncover attacks proactively.

Security teams also need to work with business leaders to gain a better understanding of business risks, such as intellectual property, and to set appropriate priorities for the underlying information assets.

“Cyber resilience is an enterprise risk, and must be managed like one,” the report said. “Assessments of risks from cyberattack must be integrated with other risk analysis and presented at relevant management and board discussions. Cyber resilience implications must be integrated into the broad set of enterprise governance functions such as human resources, vendor management and regulatory compliance.”

“There needs to be a fundamental change in the way we protect ourselves from cyber attacks. Check-the-box compliance-based approaches simply don’t work anymore,” said James Kaplan, a Partner at McKinsey & Company. “Companies and public institutions need to build cybersecurity capabilities that are scalable, deeply integrated into the broader IT environment and focused on addressing the more important business risks.”

In the public sector, leaders should establish a comprehensive, transparent national cyber strategy that integrates procedures across all policy domains and ensure that law enforcement and the state have a comprehensive and flexible legal code and capabilities to take action when needed.

“Cyberattacks have the potential to change the nature of warfare and international relations, almost past the level of the Cold War,” said the CIO of a European aerospace and defense company.

In a November 2012 forum, Kaspersky Lab chief Eugene Kaspersky said governments still don’t understand how dangerous cyberweapons really are. Kaspersky suggested that nation-states will have different reasons for resorting to cyber-terror tactics than hacktivists, and that traditional terrorists will also be a player.

“The next 10 years we’ll see more and more attacks,” Kaspersky said. “I’m afraid that other states will join the game. We’ll see much more sophisticated attacks.”

Cyber events are changing the nature of interstate relations, and nations should establish a national cyber doctrine to define and express their positions on the use of cyber resilience tools and weapons for national purposes, the World Economic Forum report suggests.

The 40-page report from the World Economic Forum includes additional survey data on cyber resilience capabilities, and provides a 14-point roadmap for collaborative actions that organizations can take to gauge their current level of cyber risk capability and improve their readiness.

The World Economic Forum’s Risk and Responsibility in a Hyperconnected World Project is a global, multi-industry, multi-stakeholder endeavor to improve cyber resilience, raise business standards and contribute to a safer and stronger connected society. Today, the partnership comprises more than 100 signatories.

The full report from the World Economic Forum is available here.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
