Partnership for Cyber Resilience
This initiative was launched in 2012 in response to the growing importance of cybersecurity. More than 100 organizations are now actively involved. The project’s third and current phase focuses on quantifying the impact of cyberthreats and exploring the feasibility of industry-wide risk assessment models
From the outset, the core principles of the World Economic Forum’s Partnering for Cyber Resilience initiative were established to raise awareness of cyber risk and to build commitment regarding the need for more rigorous approaches to cyber risk mitigation.
The core principals are:
1. Recognition of interdependence All parties have a shared interest in fostering a common, resilient digital ecosystem
2. Role of leadership Encourage executive-level awareness and leadership of cyber risk management
3. Integrated risk management Develop a practical and effective implementation programme that aligns with existing frameworks
4. Promote uptake Encourage suppliers and customers alike to develop similar levels of awareness and commitment
Early efforts focused on establishing context and tools for dialogue. A series of workshops organized around the Principles and Guidelines for Cyber Resilience advanced discussion to produce valuable guidelines and best practice principles for chief executives and government leaders. While the initial focus was on raising senior leaderlevel awareness of – and attention to – cyber resilience, the initiative has recognized the need for a shared cyber resilience assurance benchmark across industries and domains.
2012: Building awareness A summary of core principles and scope was published along with an assessment survey, Partnering for Cyber Resilience: Risk and Responsibility in a Hyperconnected World – Principles and Guidelines. in close collaboration with Deloitte, the initiative also produced a report summarizing feedback from the survey and related discussions entitled Risk and Responsibility in a Hyperconnected World: Pathways to Global Cyber Resilience.
2013: Issuing targeted guidance The initiative presented a comprehensive set of options for increasing cyber resilience and for mitigating the economic and strategic impacts of global digital ecosystem cyber threats. The intent was threefold: — Encourage awareness, understanding and action among top public and private sector leaders — Assess cyber threat risks and associated economic impact — Issue an informed set of recommended actions to mitigate the strategic and economic effects of threats through institutional readiness, policy development, critical infrastructure protection and information sharing.
2014-2015: Proposing an assessment framework The initiative, comprising more than 100 signatories, focused on ways to assess (model, measure and quantify) the impact of and exposure to cyber threats. Inputs were gathered from practitioners across a broad range of backgrounds and industries – industry leaders, vendors, regulators, public sector participants and other stakeholders. Building on the previous work and the cyber risk framework developed with the community, the initiative focused on identifying critical risks to the organizations and potential steps to cyber risk quantification models.
Contact: Elena Kvochko, Manager, Information Technology Industry, Partnering for Cyber Resilience, firstname.lastname@example.org; email@example.com
The project is tasked with enabling the digital economy to grow and thrive in the face of determined cyber-attacks. Its specific aims are to:
- Highlight cyber-resilience as a strategic focus for the leadership agenda
- Facilitate dialogue across different sectors, industries and regions on the key issues of cyber resilience (including information sharing, protection of critical infrastructure, and policy development)
- Develop approaches towards measurement and quantification of cyber threats
- Bharat Forge
- Depository Trust & Clearing Corporation (DTCC)
- Desjardins Group
- European Commission
- Europol (European Police)
- Godrej Industries
- Golomt Bank
- Good Technology
- Groupe Socota
- Hewlett-Packard Company
- International Criminal Police Organization (INTERPOL)
- Internet Corporation for Assigned Names and Numbers (ICANN)
- Iron Mountain
- Kaspersky Lab
- Link America
- Lockheed Martin Corporation
- Mara Group
- Olayan Group
- Organization of American States (OAS)
- Swiss Re
- Techonomy Media
- TIBCO Software
- World Economic Forum