In the early era of industrial growth, the only option for a successful business was to fully integrate supply chains and human capital. The rise of the use of digital technology in the 1980s and 1990s resulted in radically reduced transaction costs between businesses. Communications between organizations driven by early cyber pioneers became flexible and dynamic – collaboration and outsourcing, rather than ownership, started to become the new normal.

In an era of artificial intelligence, 5G and ubiquitous connectivity, some economists predict that the organizations of the future will be platform models, organizations that have shed ownership and only concentrate on the matching of needs.

Since the turn of the millennium, the cybersecurity industry has been grappling with the most ruthless adopters of platform models: cybercrime networks.

Cybersecurity and platform models

The creation of highly efficient and dynamic systems by criminals to provide malicious services exploiting computer networks and enable fraud has created a global, underground digital economy. For criminals, the advantages of digital networks are obvious: they deliver faster growth, better return on capital and larger profit margins than traditional organized crime activity. As Europol has been documenting since 2011, thousands of criminal online forums, platforms and crimeware service models have proliferated and enabled an explosion of online crime. Criminal markets are the backbone of the cybercrime explosion of the past 20 years.

Organizations seeking to match these highly effective criminal models have been obliged to adapt to a platform-based economy themselves. Criminal gain and the innovative acumen of criminal activity are driving technological prowess and advancement, causing the cybersecurity world to follow suit technologically. More businesses could look at how organizations have responded to cybercriminals when responding to platform models in their own industries.

The following three lessons show how the cybersecurity industry is adapting in the platform economy:

1. Networks reduce costs and need for ownership

The world’s most infamous cybercriminals – far from being technical super hackers – were the orchestrators of vast networks of highly connected criminal platforms and forums. The operators of some of the most high-profile cybercrimes of all time – including Zeus, SilkRoad and Hansamarket – were businesses and highly efficient service models that linked money launderers, malware specialists and network infrastructure providers in an ever-efficient market.

The rise of software-as-service, managed security services and cloud-based security, instead of building complex in-house security capabilities, have been some of the only ways to efficiently combat this threat. The world’s cybersecurity unicorns do not provide bespoke tailored capabilities but are platform-based. Their software and services are built to scale across industries and geographies.

Bar chart shows the rise in cybercrime in terms of dollar losses.
The impact of cybercrime has soared over two decades,

The platform model will continue to dominate with specialist skills in short supply and the growth of a vibrant, global, cyber gig economy. The market for managed service providers, companies that remotely manage their clients’ IT infrastructure, is set to be worth $55 billion in the next five years, for example.

2. Platforms are outcome-based not strategy-based

Cybercriminals commit to the accomplishment of an overall outcome, not a rigid plan. When faced with challenges mounted by defenders, they adapt to achieve their outcome. For attackers, experimentation, coordination and bottom-up decision-making have taken the place of strict top-down and hierarchical decision-making processes, which are too slow and cumbersome in the cyber age. Cybersecurity has a real-time cadence of cause and effect. Criminal platforms enable constant experimentation and innovation to gain a new foothold or advantage within a computer network.

As a direct consequence, the cybersecurity industry is one of the most proficient adopters of innovative defensive technology and new partnership models. It’s highly adept at the rapid integration and implementation of cutting-edge capabilities. Accenture’s recent Invest for Cyber Resilience study identified the industry as the most advanced in adoption of the latest technologies with 84% of businesses now spending 20% of their security budget on AI, machine learning or robotic process automation services. Business leaders are now looking within their security teams future organizational and strategic leaders as a result.

3. Trust and verification

Cybercrime platforms have developed complex trust and verification systems. Trust is a critical common component of thousands of dark-web forums which are centred on ratings, reviews and reputation management akin to Ebay, Etsy or Amazon. For cybercriminals the stakes are high: trust and verification could be the difference between a lifetime in prison or financial success.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security - to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future - to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact info@c4c-weforum.org.

Cyber defenders face the same integrity and trust-based issues, both in fighting the criminal networks and in their own platform and cloud-based businesses. As networked businesses require more shared and sensitive access to data, working with partners can require an understanding of risk across an entire business supply chain. This is a major issue for the future of work. According to Coase’s theory of the firm, businesses will own what makes their core identity and therefore, for many, survival will rest on maintaining trust in their services, whether that’s banking, commerce or mobility. Yet, in the networked world, security and trust cannot be shed but will need to be shared.

Building a global multistakeholder platform

Criminal networks are ruthlessly geared towards goals and outcomes; the digital system that is necessary to counter them must be too. In the flexibility of platforms and networks businesses have the same tools with which to find solutions to achieve their outcomes. Instead of adopting a complex and carefully directed strategy, disruptive organizations are empowering their staff to achieve their outcomes with dynamic technology and the efficient matching of capabilities. This approach is driving efficiency, scale and profitability, but it is only an early response to the growing trends of digital crime and the wider strategic changes brought by technology.