5 ways business leaders can prepare for the future of cybersecurity

work cybersecurity technology hacker safety security careers risk expert company artificial intelligence cryptic attack ratings cooperation 4IR

Cooperation will be the key to success in a time of increased cyber risk. Image: Unsplash/Adi Goldstein

Stefan Deutscher
Partner and Associate Director for Cybersecurity and IT Infrastructure, Boston Consulting Group
Daniel Dobrygowski
Head, Governance and Trust, World Economic Forum
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Future of Work is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Tech for Good

  • Cybersecurity is a key responsibility of board members in this digital age.
  • But there are plenty of ways to address cybersecurity risk, from appointing an executive responsible to sharing best governance practices with partners.

In a business environment where a company’s reputation increasingly depends on how well it acts as a steward of customer, client and partner information, boards of directors must be able to make informed decisions about cybersecurity.

Boards exist, among many other important tasks, to set risk appetite, hold managers accountable, and create appropriate boundary conditions for employees to live up to the expectations placed on them. In an increasingly digital world, cybersecurity must be a key component of these responsibilities and business leaders need to set the example that cybersecurity is important for long-term resilience.

Here are five things that board members could do to enhance their company’s cybersecurity.

1. Learn about cyber risks

Board members don’t need to be experts in cybersecurity, but they do need to become more knowledgeable about cyber risk. Today, when only one-third of board meetings regularly cover cyber issues, this knowledge can be brought into the board in a number of ways. Tabletop exercises, “wargaming” cyber crises and other on-going training need to be part of every board’s common practice. Some companies, including those as varied as Hewlett Packard Enterprise, Goldman Sachs and Spirit Airlines, are adding an experienced board member responsible for cyber risk.

Boards also need to hear from internal and external cyber experts. Every major company would be wise to have an executive responsible for assessing and managing their cyber risk. They should, on a defined regular basis, report to the board and be able to do so frankly, with integrity.

Have you read?

2. Don’t assume your industry is safe

Financial services firms have long known that ensuring maximum cybersecurity is a vital corporate goal and critical infrastructure companies, like electricity utilities, have quickly adapted. Industries such as automotive, aviation and healthcare are also recognizing that their reliance on devices and the internet of things has vastly increased their likelihood of being the target of cyberattacks and as such have changed their risk profile.

But even across industries aware of the importance of cybersecurity, cyber resilience capability and maturity vary widely. And industries that have so far been less targeted for cyberattack, like the extractive industries, will need to improve their cybersecurity posture to protect IP and other private or confidential information.

3. Include cybersecurity from the start

It is no longer possible for companies to innovate first and provide for security and privacy second. When a company is considering adapting or, even more importantly, creating new technologies, boards must demand that these technologies conform to their cyber-risk determinations and that cybersecurity be included by design from the outset.

Artificial intelligence (AI), which can change and act in ways that even the creator cannot anticipate, will particularly challenge the risk assessments of even the most cyber-savvy board. For example, while many executives look to AI as a tool to strengthen cyber defence, which it certainly can be, they often don’t realize that AI is already being used by malicious actors as a tool for attack, and worse, AI itself can become a target of attack. Board members need to understand the degree of risk their companies can face with regard to AI.

Similarly, quantum computing is moving from science fiction to reality faster than mobile telephony did. Quantum computing not only has the potential for enormous value creation in certain use cases, but it also has the potential to obliterate many of the established forms of practical cryptography currently used in business environments to secure data and transactions. Companies concerned with data security must start preparing for what is called “post quantum cryptography” or encryption methods that do not rely on popular and common public-key algorithms that can be efficiently broken by quantum computers. Boards much ensure that their managers have their backing to experiment with these new methods to ensure future security.

4. Familiarize yourself with cyber ratings and assessments

For years, many corporate leaders believed that by adding yet another cybersecurity tool or service, their company would automatically become more secure. Today, with greater experience and sophistication, analysts can move from inputs (“what tools do they use”) to outcomes (“what do the tools achieve”) to effectively and accurately assess how well a company is ensuring its cyber resilience.

Boards will need to become familiar with cybersecurity and cyber-resilience ratings quickly. In a context where people want transparency about how well a company is protecting their data, cyber reputation is company reputation. Equally important, insurers, procurement departments and credit-rating agencies are understanding the significance of such ratings, using them and making them their own. In the very near future, ensuring effective cybersecurity will become a prerequisite for obtaining a reasonable insurance rate, a contract or a good credit score.

5. Embrace cooperation

Cyberattacks used to largely be the work of isolated individuals, such as criminals or hacktivists, but today they are increasingly caused by networked adversaries, such as organized crime groups and nation-state-backed actors, making individual defence consistently more challenging. As Stanley McChrystal, former United States Army General and Senior Fellow of Yale’s Jackson Institute for Global Affairs, has said in reference to modern warfare, “to defeat a networked enemy we have to become a network ourselves”.

To succeed in managing the cultural shift that boards and their companies need to make if they are to thrive in the hyperconnected world of the Fourth Industrial Revolution, they can’t simply act alone. Boards of directors set company culture and they need to demonstrate from the top how to partner. This means taking an active role in working with peers at other companies and across their ecosystem to develop and share best governance practices.

It also means working with government leaders and ensuring that company management does too. For some companies, it may even mean becoming part of the new global architecture of cybersecurity cooperation, as evidenced by new alliances, such as the Charter of Trust or Cybersecurity Tech Accord, which are attracting hundreds of companies around the world. Moving forward, cooperation will be the key to success in a time of increased cyber risk.

This article is related to the World Economic Forum’s Annual Meeting in Davos-Klosters, Switzerland, 21-24 January 2020.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityJobs and the Future of WorkEmerging TechnologiesFourth Industrial RevolutionGlobal RisksForum Institutional
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Quantum computing could threaten cybersecurity measures. Here’s why – and how tech firms are responding

Simon Torkington

April 23, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum