Why 2020 is a turning point for cybersecurity

In 2020, the drive of the Fourth Industrial Revolution towards ubiquitous connectivity and digitalization will continue. But as new connections and technologies support socio-economic progress, cyberattacks and risks to and stemming from these innovations will increase in frequency and impact.

Here's how leaders can adapt and adopt the right strategies, and build effective partnerships to ensure optimal cybersecurity and digital trust.

New technologies and new users will reshape cyber-risks in 2020. The emergence of 5G networks in 2020 will result in substantially broader access for both devices and people. Greater and more convenient broadband at higher speeds will encourage the development and deployment of everything from connected devices and ubiquitous computing to virtual and augmented reality and artificial intelligence.

Meanwhile, emerging economies will see an increase in users. Those previously excluded from the internet by the high price of equipment and networks will be able to get online with low-cost devices and access plans. This will bring education to remote communities, provide the previously unbanked and underbanked population with access to financial services for the first time, and provide small-plot farmers with access to weather information and crop prices. At the same time, it will bring the same disinformation and manipulation, cybercrime and fraud witnessed in more cyber-advanced countries.

With these network developments, more data will be created and collected than ever before, making policy attempts to protect this data more urgent. Data borders will continue to be drawn. Obliging companies will need to be more responsible with the data they collect from and about customers. At the same time, it may have a chilling effect on the capacity for commercial, academic and even government initiatives to collaborate as the sharing of information becomes increasingly difficult.

In this context, the crypto wars will likely reignite and come to a head as tech companies will increasingly find it difficult to resist government calls for back doors to their systems. Depending on where you sit, this will either grant law enforcement much-needed capabilities to investigate crimes or weaken protection for everyone – or both.

In this fundamental reorganization of society and practices, 2020 will also see breakthroughs in quantum computing. Although viable commercial implementation will not emerge this year, these breakthroughs will hasten their creation, forcing technology to devise entirely new ways to encrypt and protect data, which puts legacy data stores at risk.

Considering the importance of these technologies, the adage “cyber strategy is business strategy” will resonate strongly from 2020 onward. Coming into the new decade, 68% of business leaders believe that the cybersecurity risks confronting their organizations are increasing.

To address this challenge and deal with the risks, leaders should avail themselves of new knowledge, processes and tools to ensure responsible use of data and organizational resilience. From new leadership profiles on boards and in the C-suite, improved risk assessment and risk mitigation options to a new logic of cooperation, leaders can look to partnerships and tools to help them meet their cybersecurity responsibilities.

Risks related to cybersecurity and data governance are now the top concerns of chief audit executives and corporate boards. This new normal will likely reach an inflection point in 2020: either uncertainty around cybersecurity will begin to impact business performance or CEOs and business leaders will develop ways of managing this risk. Those who can achieve growth will view cybersecurity as necessary and (potentially) equal to other fundamental business concerns, such as finance and HR.

As of 2020, successful leaders will integrate best practices for both management and strategy, if they haven’t already, to create a strong cybersecurity culture. They will also enjoy better performing tools to assess and understand where an enterprise’s cybersecurity practices are working effectively, including more accurate and descriptive company-wide security metrics and ratings. This is timely and increasingly necessary considering that credit rating agencies and insurers as well as government regulators are likely to begin assessing the cybersecurity posture of organizations as an integral factor to their overall health and viability.

In a hyperconnected world, however, no company can succeed alone and business leaders will need to find the right allies and partners in the private and public sectors to defend innovation and progress.

Identifying appropriate partnerships will become both easier and more difficult in the year ahead. As cybersecurity continues to gain prominence and stature as a critical issue with significant national, regional and international implications, world leaders will be obliged to take and clarify positions on related topics, facilitating a more informed debate. As government and business leaders develop and publicly state their policy positions on cyberspace, identifying potential allies may also become easier. Similarly, the groundswell of cyber initiatives will finally reach a saturation point. Umbrella efforts like the Paris Call for Trust and Security in Cyberspace and the Global Forum on Cyber Expertise will gain momentum, initiating a transition period for cyber initiatives beyond the current stage of frenzied creation of (often duplicative) efforts to one of greater coordination and a culling of less robust and unsustainable initiatives.

Yet, as global efforts to coordinate and collaborate grow, so too will the potential for schisms and polarization. In the coming year, two bodies under the auspices of the UN – the Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG) – will advance parallel processes that could potentially conclude with divergent viewpoints on how to approach cybersecurity at the global level. Despite some dissenting opinions, consensus will continue to grow and consolidate with regard to the applicability of existing international law and norms in cyberspace.

But greater rifts are expected in the field of cybercrime legislation as the long-standing attempts by some countries to negotiate a new cybercrime treaty at the UN, notwithstanding the international Budapest Convention on Cybercrime, are set to move forward in 2020. Moreover, the informal role of private sector and other non-governmental actors in shaping international norms and governance regarding cybersecurity and information and communications technologies will continue to grow.

More governments will create distinct organizations dedicated to national cybersecurity efforts, namely in regard to working with the private sector. Investment in capacity-building will increase, with the focus shifting toward more holistic local and regional efforts that go beyond training and education to create sustainable cybersecurity environments that integrate knowledge, skills and services.

The number of national and municipal laws and regulations addressing cybersecurity – either through new proposals or updates to existing measures – will also increase. While calls for greater alignment across regulatory regimes will continue to grow, there will be little change on this front in the near term owing to the pace and complexities of law-making across jurisdictions and continued debate about the underlying cybersecurity requirements. Continued volatility across the geopolitical landscape will add to this delay and cybersecurity threats will evolve to exploit the ever-changing environment.

This year is likely to present a turning point, where new technologies scale and come online, exacerbating cyber-risk and affecting every business, government and individual. With these many evolving challenges, 2020 represents an opportunity for all public and private stakeholders to adopt better strategies and effectively collaborate at a global level through resources like the World Economic Forum’s Platform for Shaping the Future of Cybersecurity and Digital Trust to build a more secure, more resilient and more trusted digital world.