COVID-19 has disrupted cybersecurity, too – here's how businesses can decrease their risk

Jul 27, 2020

cybersecurity cyber security risk cyberattack how to digitisation digital transformation covid-19 pandemic crisis virtual schools robotics healthcare retail

How leaders should approach cybersecurity in the post-COVID world. Image: Markus Spiske/Unsplash

Maninder Singh

Corporate Vice President & Global Head, CyberSecurity & GRC Business, HCL Technologies

Our Impact

What's the World Economic Forum doing to accelerate action on Cybersecurity?

The Big Picture

Explore and monitor how Cybersecurity is affecting economies, industries and global issues

A hand holding a looking glass by a lake

Crowdsource Innovation

Get involved with our crowdsourced digital platform to deliver impact at scale

Stay up to date:

Cybersecurity

This article is part of:

COVID-19 is accelerating the digital transformation of business, especially retail, education and healthcare.
Rapid, unplanned digitisation increases the risk and impact of cyberattacks.
Leaders should take a systemic approach to cybersecurity in three phases.

COVID-19 is changing everything. Along with social distancing, obsessive sanitisation, broken supply chains, fragmented workforces and the rise of video meetings, the pandemic is driving acute systemic changes in consumer and business behavior. These changes are causing an outbreak of new and unanticipated business moments. The resolve to transform is palpable.

Businesses know they must rapidly innovate, take advantage of new digital tools and leverage cloud services to emerge from the crisis ahead of their competitors with momentum for the long-term transformation of their business in the altered global landscape.

This innovation is good news, but it is coming at a cost. As digital spreads its roots deeper, it also increases the risk and impact of cyberattacks.

Have you read?

The World Economic Forum’s COVID-19 Risks Outlook found 50% of enterprises were concerned about increased cyberattacks due to a shift in work patterns alone. These concerns are merited. Hasty and unplanned decisions related to digital transformations will add substantially to the spate of cybersecurity issues.

Most worrisome risks for your company after COVID-19

Half of businesses are concerned about cybersecurity due to the shift in working patterns. Image: World Economic Forum

Cybersecurity matters even more given the increased dependency on digital infrastructure to ensure collective resilience. Many of the industries which are transforming serve critical functions – and a break in their supply chains could affect the movement and availability of life-saving drugs, components, equipment and raw materials.

The COVID-19 pandemic is driving technological transformation in three key areas – and there are three steps leaders must take to secure them.

3 key technological transformations facing cyber risk

Technological transformation will continue during the pandemic and long after. The challenge for global security is that this large-scale, unplanned digitisation is supported by nimble but relatively immature business models and operations.

We see this in three key transformations:

Virtual Retail. Retailers want solutions that address the safety of their customers. They are willing to invest in advanced technologies like augmented reality, computer vision, sensor fusion, chatbots for recommendations, cashless transactions and receipts delivered by email so customers can “virtually try” clothing or bag their purchases and simply walk out of the store with zero human contact. The retail sector, even before the pandemic started, was the most heavily targeted sectors by cybercriminal groups, and will have a newer digital attack surface to defend.
Digital Education. The education sector is redesigning delivery by adopting technology to address the changing learning environment. If education providers can overcome the challenges, virtual schools could become the “next normal,” with traditional approaches marginalised permanently. After the pandemic, 262 million children out of school in low- and middle-income countries could receive an education despite the shortage of qualified teachers and infrastructure. This may also narrow the digital divide among the poorest regions and most underprivileged societies. Now, it’s important to secure the millions invested in virtual schools.
Robotics and Healthcare. The healthcare industry is deploying robots to disinfect hospitals, handle lab samples, dispose medical waste and monitor isolation wards without human presence. Until now, this has been largely demonstrative, but robots have proven their value and hospitals will continue to use them to perform complex surgical procedures by specialty physicians. However, concerns are already mounting about their cyber vulnerabilities.

These three trends represent a revolution in terms of how people connect to resources, creating an even more connected world. But they are also low-hanging fruit for cybercriminals. This is especially true because, at an ecosystem level, cybersecurity resources are still not available at scale, and remain concentrated in the most well-resourced and mature markets.

3 steps leaders can take to address cybersecurity challenges

Leaders must start taking a systemic approach to security while also transforming their businesses.

For leaders tasked with securing their businesses from both market forces and cyberattacks, the approach needs to be timely and staged in three phases:

Immediate Term (0 to 3 months): Offices are empty, and businesses and employees are adapting to the new mode of working. To keep enterprises running, businesses must secure remote access and collaboration services, step up anti-phishing efforts and strengthen business continuity. Businesses need to establish a culture of robust cyber hygiene, by providing resources to the workforce and managing access and monitoring activity on critical assets.
Near Term (3 to 6 months): Not all organisations understand their security posture and the effectiveness of security controls. As a result, they don’t make the right decisions or prioritise the correct actions, which leaves the enterprise open to attack and compromise. Securing end users, data and brand is the next priority. As the number of cybersecurity threats has increased, chief security officers and their teams are also benefiting from an increase in prioritisation. Budget rebalancing will be inevitable as other projects are put on hold to safeguard organisations and invest more in security.
Medium to Long Term (12 months): Cybersecurity strategists should now think longer term, about the security of their processes and architectures. They should prioritise, adopt and accelerate the execution of critical projects like Zero Trust, Software Defined Security, Secure Access Service Edge (SASE) and Identity and Access Management (IAM) as well as automation to improve the security of remote users, devices and data.

Discover

How is the Forum tackling global cybersecurity challenges?

The World Economic Forum's Centre for Cybersecurity at the forefront of addressing global cybersecurity challenges and making the digital world safer for everyone.

Our goal is to enable secure and resilient digital and technological advancements for both individuals and organizations. As an independent and impartial platform, the Centre brings together a diverse range of experts from public and private sectors. We focus on elevating cybersecurity as a key strategic priority and drive collaborative initiatives worldwide to respond effectively to the most pressing security threats in the digital realm.

Learn more about our impact:

Cybersecurity training: In collaboration with Salesforce, Fortinet and the Global Cyber Alliance, we are providing free training to the next generation of cybersecurity experts. To date, we have trained more than 122,000 people worldwide.
Cyber resilience: Working with more than 170 partners, our centre is playing a pivotal role in enhancing cyber resilience across multiple industries: oil and gas, electricity, manufacturing and aviation.

Want to know more about our centre’s impact or get involved? Contact us.

COVID-19 is changing the technology culture and infrastructure of every medium-sized and large organisation faster than any known event or phenomenon. This means changes will continue coming – and hackers will continue to target our growing dependence on digital tools. Businesses that focus on a return to “near-normal” will be investing time, effort and money in a battle long lost.

The pandemic presents an opportunity for full-blown innovation, a dramatic shift in perspective and the adoption of safe and resilient operating processes. The intensity and emphasis an organisation brings to its cybersecurity strategy will determine if the opportunity adds to bottom lines – or turns into a business disaster.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.