• Business ecosystems are reaching global scale, exposing companies to massive losses for cybersecurity breaches.

• Thinking about cybersecurity early is mandatory for any innovation-focused company.

• Cybersecurity training can dramatically increased resilience among employees.

In the digital age, ecosystems take the evolution of business to a whole new level. The ecosystem surrounding a company can include a network of partners, suppliers, manufacturers, as well as various processes, all working together as a single organism.

Some ecosystems have already reached global scales. Insufficient security of their components could result in enormous losses. A supply chain attack can cause a domino effect, unless each member of the ecosystem takes responsibility for their own security.

According to Symantec, the number of supply chain attacks has recently surged by almost 80%. This poses a serious threat to all ecosystems, no matter what their size. The number of ecosystems is increasing, and dealing with the escalating risks to them is becoming more pressing for the global community. During Cyber Polygon, the international initiative aimed at increasing global cyber-resilience, experts will address these issues and discuss how to build secure ecosystems and handle supply chain attacks. Here are three ways to develop a resilient ecosystem:

1. Technologies

Assess, manage and reduce the risks when digitizing your business

New technologies pioneer digitization. Artificial intelligence, machine learning and automation are now widespread in warehouses, manufacturing and medical services. For example, AI can speed up exploratory research of new medicines by 4.5 times. At the same time, these technologies come with new risks. Despite this, innovation-focused companies often leave security behind and concentrate on the main operational processes, investing in hardware, systems and research.

However, to ignore security from the very beginning of your digital transformation leaves your business exposed to massive expenses in the future. According to IBM, the damage caused by data breaches has now hit a global average of $4 million, but if a company has resilient incident-response plans, it can save $2 million or could even reduce that by $3.58 million if it has fully deployed security automation. In case of ecosystems, the potential damage is immense, considering the level of interdependence, tight links between various processes and the amounts of data handled and stored.

It is important to think about security at the initial stage. First of all, a proactive approach eliminates the need to spend resources on emergency system upgrades. Secondly, it reduces the chances of incurring costs associated with digital threats. Thirdly, even if a company does encounter such threats, the amount of damage will be less. The essentials of providing security to an ecosystem infrastructure are:

• Digital risk assessment and introduction of risk management practices

• Implementation of the “security-by-design” approach

• Regular infrastructure monitoring and testing

• Introduction of security standards, applied to all elements of the ecosystem

• Implementation of security policies towards third parties

• Automation of security systems

Another option could be outsourcing security issues. Using the capacities of a contractor company is cheaper in most cases than building own systems.

2. Processes

Reconfigure your infrastructure into a digital platform to make processes effective and secure

As an ecosystem grows, the processes inside it become more sophisticated. Companies start utilizing various software and technologies to adjust certain processes and find solutions to specific issues. Quite often, these solutions lack efficient interaction and coordination within the system, rendering the data exchange too complicated. Therefore, it is not enough to simply upgrade to new software, it is necessary to integrate new tools into the infrastructure and tune new processes for efficient operation.

The key solution could be the creation of a unified digital platform – a single information infrastructure that accumulates and adjusts new services and processes. This simplifies and speeds up data transfer, makes all processes transparent, enables control over the whole infrastructure, and applies necessary security measures to every new service. Sber, the largest bank and technology company in Russia, has transformed out of a linear structure into an ecosystem of several dozen various companies using the approach above. In the effort to make the transformation process effective and secure, Sber created its own platform, which allows all ecosystem residents to quickly launch new products. Expert companies that specialize in digital transformations can help and reconfigure the existing infrastructure. They have extensive experience when it comes to setting up seamless interactions between digital processes for large and small businesses; their approach helps to avoid typical mistakes and saves company budget and time.

3. People

Train your staff to utilize new tools and approaches

Since new technologies alter the way companies operate, employees should adjust to the changes accordingly. They need to learn new methods and approaches at every stage of the digital transformation, adapt to new software and develop new skills. PwC has recently announced that it would invest $3 billion into job training for its 275,000 employees around the world, future-proofing its workforce against emerging digital needs. A recent report by IDC states that companies that utilize educational platforms for their staff may see a 746% return on investment over three years.

Educating employees is a key part of proactive cybersecurity
Educating employees is a key part of proactive cybersecurity
Image: BI.ZONE

Developing human capital while being transparent with your employees and supporting their interest in the company welfare are important aspects for company efficiency and resilient operations. When new systems are introduced, people need to be prepared and trained. Apart from that, it is necessary to be able to control the security of working in cyberspace. Our research shows that one in three employees are vulnerable to cyberattacks without systemic education, but training can improve their resilience by nine times. Regular testing of the acquired skills and simulation of phishing campaigns that promote employees to stay vigilant in cyberspace are crucial for the ecosystem’s stability and integrity.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

Whatever the scale of the ecosystem, its resilience is an issue of high significance. The tendency for businesses to create networks of contractors and partners will continue, making the world ever more interconnected. In that regard, a proper approach to building ecosystems that foresees risks will ensure resilience, competitiveness and secure digital development for years to come.