Why ‘fire drills’ are key for cybersecurity

Employees in an office work on computers to strengthen cybersecurity.

“Drill, drill, drill," one expert said.

Spencer Feingold
Digital Editor, Public Engagement, World Economic Forum
Abhinav Chugh
Content and Partnerships Lead, World Economic Forum
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


Listen to the article

  • Cyber attacks across sectors are on the rise worldwide.
  • Increasingly, hackers are targeting sensitive consumer data and becoming more skilled at exploiting vulnerabilities.
  • "You have to try and build up layers of defences in your organization,” one expert said.

Industry experts are urging organizations across sectors to prepare for cyber attacks. The call to action comes as the prevalence of cyber attacks continues to rise, with cybercriminals and state actors becoming more deft at targeting sensitive consumer data and supply chain vulnerabilities.

“The biggest thing is to exercise,” Jacky Fox, the managing director of Accenture, said in a panel interview on Our World in Transformation, a live programme by the World Economic Forum’s Strategic Intelligence platform. “Drill, drill, drill so that people get their roles and they can have that muscle memory that allows them to kick into action.”

In the third quarter of 2022, global cyber attacks rose by 28% compared to the same period the year prior, according to the cybersecurity firm Check Point. The prevalence equated to over 1,130 weekly attacks per organization worldwide.

Today, hackers are increasingly targeting consumer data held by companies ranging from major medical insurance providers to national airlines. Cybercriminals are also attempting to exploit cybersecurity weaknesses in supply chains. These can include, for example, third party vendors like software providers and transportation services.

“The most significant incidents we are seeing now are supply chain attacks,” Rob Wainwright, a partner at Deloitte, added in the panel interview. “That is only going to grow.”

In 2020, for example, it was revealed that a software update from SolarWinds, a major US information technology management company, was compromised by hackers. The update was downloaded by up to 18,000 SolarWinds customers, including major multinational corporations and government agencies. The hack, the Forum noted in a 2021 report, demonstrated “patience, persistence, and complex tradecraft.”

“The cybercriminal economy has gone through a pretty major transformation,” Wainwright stated. “At the top end of the criminal ecosystem are very, very aggressive, highly adept threat actors—syndicated criminal operations that are pooling their capabilities and are very adept at breaching defences.”

‘Layers of defences’

Experts stress that preparing companies as a whole for cyber attacks is a key component of cybersecurity. This includes not only top executives and IT departments, but employees across an organization.

“You have to try and build up layers of defences in your organization,” Fox stated. “When an organization has exercised this—when they've done the equivalent of a fire drill for a cyber drill. That's what really makes a difference.”

Indeed, studies show that human actions make up a large part of cyber attacks. A recent study by Verizon found that the human element was a key driver of 82% of cyber breaches surveyed.

Investment into cybersecurity is also crucial, experts say. This includes taking steps to bolster readiness and defenses across supply chains to deter and prevent the increasing attacks. In fact, supply chain cyber attacks rose by 300% in 2021 compared to the year prior, according to research by Argon Security.

“It's not just for the techie guys in one corner,” Wainwright stated. “This is a business concern starting at the board level.”

Have you read?
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

How the Internet of Things (IoT) became a dark web target – and what to do about it

Antoinette Hodes

May 17, 2024


About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum