Reflections on Davos 2024: The state of cybersecurity

Cybersecurity is on the frontline of our AI future, agreed experts at this year's Annual Meeting in Davos. Indeed, a race is afoot between cyber defenders and attackers, the "good guys" and the "bad guys." Who's winning is a question that was hotly debated.

Findings from the World Economic Forum's Global Cybersecurity Outlook 2024 are sobering: fewer than one in 10 global executives believe that generative AI will give an advantage to defenders over attackers in the next two years.

Over a third of organizations have suffered a material cyber incident from bad actors in the last year. The threat landscape is vast, complex and rapidly evolving. Security teams are up against a relentless, complex, sophisticated volley of breach attempts, ransomware and phishing attacks.

Indeed, according to the Forum's Global Risks Report 2024, cyber insecurity is a global risk over multiple time horizons. Cyber risks such as malware, deepfakes and misinformation threaten supply chains, financial stability and democracy.

In a year where nearly 4 billion people go to the polls amid the growing threat of mis-and disinformation, urgent action is required to safeguard the integrity of democratic processes. Fortunately, as heard through various sessions at the Annual Meeting, decision-makers are coming together to defend against these cross-national, multilayer threats.

Preparing for the future means preparing for multiple different future scenarios. How can global actors cooperate to build cyber resilience and ensure the defenders win? Below are the week's key insights and considerations, hot from Davos 2024.

There is growing cyber inequity between organizations that are cyber-resilient and those that are not. This mismatch creates a major economic divide between the largest and most developed economies – who reap the rewards of new technologies – and less developed nations, sectors and communities who continue to fall behind.

More than 100 executives surveyed at this year's Annual Meeting on Cybersecurity called for urgent action to address this growing cyber inequity, which poses a systemic threat in the age of interdependence. Without work to close this inequity, "these risks will fall on the balance sheet of the public sector," said John Doyle, president and chief executive officer at Marsh McLennan.

Cybercriminals do not know national borders and so this work requires a global coordinated response. In January 2023, the Forum's Partnership Against Cybercrime members launched the Cybercrime Atlas initiative to map and better understand the cybercriminal ecosystem.

There is a significant cyber skills gap, which continues to widen at an alarming rate.

Leaders must take action to invest in cyber skills across organizations. As Sadie Creese, Professor of Cybersecurity at the University of Oxford, said, "Investing in cyber-risk fitness in our leaders" is a good place to start. There is also scope for corporate boards and government oversight bodies to update their knowledge by ensuring cyber experts regularly brief them. At the employee level, the goal should be to ensure that all frontline staff cover the cybersecurity basics well. In considering the cyber-skills gap, the biggest challenge is time.

"To upskill, you can't use traditional educational processes. You have to think, 'How might we be attacked?'" said Debjani Ghosh, president of the Indian trade association NASSCOM. She gave the example of CyberShikshaa, a short course initiative in India training women in cyber skills. Speakers shared the conviction that building capabilities will be a collaborative global effort. The Forum's Bridging the Cyber Skills Gap initiative is already working to build a strategic cybersecurity talent framework.

The battle for cybersecurity is just beginning and its role as a strategic imperative will only intensify.

By 2030, the number of people online is set to surge. For cybersecurity, the attack surface grows exponentially; therefore, pace and scale will be as important as any technological capabilities. The effect is compounded by the expected surge in devices, increasing the number of connections and thereby increasing network complexity, interdependence and systemic risk.

Emerging technologies may amplify the risks. "Quantum is going to create a cybersecurity Armageddon," said Ana Paula Assis, chairman of the EMEA division at IBM. But new technology can also amplify the capacity of cyber defenders. The Forum, in collaboration with the Financial Conduct Authority UK, launched a whitepaper this week outlining guiding principles and a roadmap to ensure a quantum-secure financial sector. It is in this complex space that convergence becomes important.

"Network security must be built, which means having an infrastructure that can handle different trust levels and applications," said Ken Xie, Founder, chairman and CEO of Fortinet.

These insights from Davos 2024 echo the findings of the whitepaper Cybersecurity Futures 2030: New Foundations published by the Forum with the Centre for Long-Term Cybersecurity at UC Berkeley. Global cybersecurity can be achieved by aiming for the three "Ts" of cybersecurity: trust, tempo and talent. The online spread of mis- and disinformation is now a core cybersecurity concern.

Stemming the growing gap in cyber inequity will be a crucial goal of cybersecurity efforts over the next decade. Cyber defenders must keep up with the speed of innovation. Regarding talent, cyber is not just about technical talent. Multiple skill sets will be required to build cyber resilience and combat malicious actors worldwide. All this is to ensure we preserve trust in our shared digital future.