Cybersecurity needs a holistic approach. Here are three ways to build protection

I believe that confidence is key to getting the most from our digital world. This confidence is dependent on cybersecurity and data stewardship. That’s why, at Zurich, we look at cyber risk mitigation strategically and apply a holistic, proactive and preventative approach to cyber risk management. This is the case at all levels, from operations to strategy. We use this approach for ourselves, our customers and for wider society.

I also believe that, in order to fully leverage the benefits of the internet and the digital economy, the private and public sectors must work together to gain an in-depth understanding of the nature and evolution of underlying risks. As the internet evolves, the nature of cyber risks are fundamentally changing.

Governments, the private sector and civil society must work together closely in a multi-stakeholder approach to protect the integrity and reliability of cyberspace. This is why I am excited by the prospects of the World Economic Forum’s Centre for Cybersecurity. The better we become at working together to address problems and understand dependencies, the more secure cyberspace will be.

Currently, the overall cybersecurity and safety landscape bears similarity to the early days of aviation - dangerous, with a lot of error. Now, aviation is very safe. For cybersecurity, we have not yet achieved that level of safety. However, it’s important to remember that what got the aviation industry to a safer level was standards - global standards. This is why the work of the Forum and other international organizations is so important. We need real, meaningful agreements around information sharing, incident reporting and other issues in order to understand the risk, and in order for insurance carriers and other stakeholders to be able to play their part in mitigating it.

In addition, the development of practices that foster security-by-design or security-by-default are likely to emerge as industry standards in response to increased threats. I believe this presents a great opportunity for the Forum’s Centre for Cybersecurity to consider ways to take a leadership role in gathering and promoting security-by-design principles, best practices and security reference architectures, helping shape their direction, rather than waiting for standards to emerge on their own.

As Chief Information Security Officer for the Zurich Insurance Group, my team and I obviously have an important role to play, but within any organization, cybersecurity must be everyone’s job. While cyber strategy must be determined at the oversight board level, it should definitely not stop there. In order to be effective, it must be embraced by the entire organization, its systems, its supply chains and its workforce.

There are several ways in which companies can think about protection against this increased risk:

1. Build a culture of awareness

Cyber risks are no longer just an IT concern, nor are they limited to certain sectors of an organization. Every employee, from the boardroom to the mailroom, plays an important role in keeping an organization cyber secure, and understanding their responsibilities for holding data securely.

2. Adopt a mindset of cyber resilience

With reputational risk, economic losses and legal consequences on the line, it is crucial for companies to create and implement an incident response plan in the event that a cyber incident occurs. Responding quickly and effectively will not only mitigate these risks, but also ensure a successful recovery.

3. Practice, practice, practice

While practice may not always make perfect, it can be pivotal when responding to a cyber incident. Just having an incident response plan in place is not enough - it’s imperative that the plan be practiced and updated on a regular basis, adjusting as needed for different scenarios and variations of cyber threats.

I’m proud to work for an organization that is very engaged in taking a leading role in public-private collaboration on cybersecurity. Our recent endorsement of the Paris Call for Trust and Cybersecurity in the Cyberspace, as well as our announcement as a partner of the World Economic Forum’s Centre for Cybersecurity, are just the latest proof-points of this growing commitment.