Cyber Resilience


Cybersecurity is a high-level item on leaders' agendas across all sectors. Businesses, governments and individuals are rapidly taking advantage of faster, cheaper digital technologies to deliver an unprecedented array of social and economic benefits. However, without tools and partnerships aimed at solving or mitigating cyber challenges, leaders in business, government, and across society cannot pursue the benefits of digitization with confidence.
 
The Forum aims to help leaders identify and address these emerging business and social risks so that the benefits of digitization can be pursued with confidence. The overall objective of this work is to normalize cyber risks through the development of top-level leadership awareness, understanding and action on cyber risks. While leaders are now generally aware of the risks, we can observe a wide range of maturity in terms of understanding and action across different industry sectors and regions.

Ambition
 
The overall goal of the Forum's cyber security/resilience work is to normalize cyber risks. Normalizing cyber risk means that managing those risks should not arouse fear, uncertainty and doubt, but rather that it must become business as usual for individuals, companies, and governments. Even if the landscape of cyber risks is constantly changing, the Forum aims to ensure that we have the institutional and social mechanisms and the normative basis to constantly iterate defences and resiliency measures to manage those risks.

In service of this overarching goal, the focus for 2017 will be on ensuring adoption of best practices and policies by governance bodies (in companies and government) as well as developing partnerships to support cyber resilience and initiate public-private dialogue around challenges to cyber resilience.

Background

Through a number of multistakeholder working groups the Forum community has already contributed substantially to this space. Some specific outputs have included:


  • Development of Principles & Guidelines (100+ CEO/Minister/SG level signatories across 14 industries and 23 countries), including Cyber Risk Framework and Maturity Model, further expanded here and below

  • Risk and Responsibility in a Hyperconnected World: analysis of global macro impact (up to $3 trillion/5% global GDP by 2020), future scenarios and a shared Framework for Global Collaboration

  • Towards the Quantification of Cyber Threats: innovative risk quantification model “Cyber Value-at-Risk” lays the foundation for consistent quantification within and across enterprises, potentially leading to further development of risk transfer/cyber insurance markets

  • Beyond Cybersecurity: book reviewing primary research with over 200 organizations on ‘game-changing’ actions for business and governments

  • Advancing Cyber Resilience: a 2016 project dedicated to empowering boards and executive teams with tools and practices to identify and manage the business risks emanating from cyber threats

Objectives

The goal of the Forum’s Cyber Resilience project is to support companies, organizations and governments in implementing tools and entering into partnerships in order to effectively integrate cyber resilience into business and national strategy. Specifically, the project will aim to:


  • Create a network of board members and senior executives who are activated on the cyber strategy topic and who will spur adoption of the Forum's Cyber Principles and Tools for Boards

  • Develop a system to iterate the Forum's principles and tools as well as collect case studies around successful cyber resilience strategies

  • Adapt the validated tools for leaders for application to the public sector and governments

  • Initiate public-private dialogue on the topics of state action in cyber and agreed liability thresholds, among others

  • Develop a process for sustained dialogue between boards/executive teams and policymakers along with well-defined roles for actors in both the public and private sectors (e.g., around critical infrastructure or liability thresholds)

  • Foster collaboration with the insurance industry and government leaders to normalize and help mitigate cyber risk