• COVID-19 is accelerating the digital transformation of business, especially retail, education and healthcare.
  • Rapid, unplanned digitisation increases the risk and impact of cyberattacks.
  • Leaders should take a systemic approach to cybersecurity in three phases.

COVID-19 is changing everything. Along with social distancing, obsessive sanitisation, broken supply chains, fragmented workforces and the rise of video meetings, the pandemic is driving acute systemic changes in consumer and business behavior. These changes are causing an outbreak of new and unanticipated business moments. The resolve to transform is palpable.

Businesses know they must rapidly innovate, take advantage of new digital tools and leverage cloud services to emerge from the crisis ahead of their competitors with momentum for the long-term transformation of their business in the altered global landscape.

This innovation is good news, but it is coming at a cost. As digital spreads its roots deeper, it also increases the risk and impact of cyberattacks.

The World Economic Forum’s COVID-19 Risks Outlook found 50% of enterprises were concerned about increased cyberattacks due to a shift in work patterns alone. These concerns are merited. Hasty and unplanned decisions related to digital transformations will add substantially to the spate of cybersecurity issues.

Most worrisome risks for your company after COVID-19
Half of businesses are concerned about cybersecurity due to the shift in working patterns.
Image: World Economic Forum

Cybersecurity matters even more given the increased dependency on digital infrastructure to ensure collective resilience. Many of the industries which are transforming serve critical functions – and a break in their supply chains could affect the movement and availability of life-saving drugs, components, equipment and raw materials.

The COVID-19 pandemic is driving technological transformation in three key areas – and there are three steps leaders must take to secure them.

3 key technological transformations facing cyber risk

Technological transformation will continue during the pandemic and long after. The challenge for global security is that this large-scale, unplanned digitisation is supported by nimble but relatively immature business models and operations.

We see this in three key transformations:

These three trends represent a revolution in terms of how people connect to resources, creating an even more connected world. But they are also low-hanging fruit for cybercriminals. This is especially true because, at an ecosystem level, cybersecurity resources are still not available at scale, and remain concentrated in the most well-resourced and mature markets.

3 steps leaders can take to address cybersecurity challenges

Leaders must start taking a systemic approach to security while also transforming their businesses.

For leaders tasked with securing their businesses from both market forces and cyberattacks, the approach needs to be timely and staged in three phases:

  • Immediate Term (0 to 3 months): Offices are empty, and businesses and employees are adapting to the new mode of working. To keep enterprises running, businesses must secure remote access and collaboration services, step up anti-phishing efforts and strengthen business continuity. Businesses need to establish a culture of robust cyber hygiene, by providing resources to the workforce and managing access and monitoring activity on critical assets.
  • Near Term (3 to 6 months): Not all organisations understand their security posture and the effectiveness of security controls. As a result, they don’t make the right decisions or prioritise the correct actions, which leaves the enterprise open to attack and compromise. Securing end users, data and brand is the next priority. As the number of cybersecurity threats has increased, chief security officers and their teams are also benefiting from an increase in prioritisation. Budget rebalancing will be inevitable as other projects are put on hold to safeguard organisations and invest more in security.
  • Medium to Long Term (12 months): Cybersecurity strategists should now think longer term, about the security of their processes and architectures. They should prioritise, adopt and accelerate the execution of critical projects like Zero Trust, Software Defined Security, Secure Access Service Edge (SASE) and Identity and Access Management (IAM) as well as automation to improve the security of remote users, devices and data.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

COVID-19 is changing the technology culture and infrastructure of every medium-sized and large organisation faster than any known event or phenomenon. This means changes will continue coming – and hackers will continue to target our growing dependence on digital tools. Businesses that focus on a return to “near-normal” will be investing time, effort and money in a battle long lost.

The pandemic presents an opportunity for full-blown innovation, a dramatic shift in perspective and the adoption of safe and resilient operating processes. The intensity and emphasis an organisation brings to its cybersecurity strategy will determine if the opportunity adds to bottom lines – or turns into a business disaster.