Cyber Resilience

Tiny ocfhubxlw2qn30zys6j2vhs3dxbrrhcjstiqpn8drsm

Cyber risk is a systemic challenge and cyber resilience a public good. Every organization acts as a steward of information they manage on behalf of others. And every organization contributes to the resilience of not just their immediate customers, partners and suppliers but also the overall shared digital environment. 

In order to ensure security and resilience, organizations, both public and private, must develop the capabilities to ensure their own resilience through internal governance structures and behaviours as well as work with other organizations (enterprises, governments, and civil society) in order to ensure systemic security and resilience. The Forum has committed to support the development of cyber resilience governance capabilities at the enterprise and national level by creating tools, sharing best practices, and convening all stakeholders to effectively make decisions about their shared security responsibilities.

In 2018, the Forum will expand on these efforts in two ways:
Enterprise: Accelerating adoption of the Board Tools and Principles as well as creating new cyber risk governance tools for executives.
Government: Fostering discussion and cooperation between the public and private sector on cyber security policy issues using the Cyber Playbook for Public-Private Cooperation.

Background

Through a number of multistakeholder working groups the Forum community has already contributed substantially to this space. Some specific outputs have included:



  • Advancing Cyber Resilience: a 2016 programme dedicated to empowering boards and executive teams with tools and practices to identify and manage the business risks emanating from cyber threats


  • Beyond Cybersecurity: book reviewing primary research with over 200 organizations on ‘gamechanging’ actions for business and governments


  • Towards the Quantification of Cyber Threats: innovative risk quantification model “Cyber Value-at-Risk” lays the foundation for consistent quantification within and across enterprises, potentially leading to further development of risk transfer/cyber insurance markets


  • Risk and Responsibility in a Hyperconnected World: analysis of global macro impact (up to $3 trillion/5% global GDP by 2020), future scenarios and a shared Framework for Global Collaboration

  • Development of Principles & Guidelines (100+ CEO/Minister/SG level signatories across 14 industries and 23 countries), including Cyber Risk Framework and Maturity Model, further expanded here