Cyber Resilience


Cyber risk is a systemic challenge and cyber resilience a public good. Every organization acts as a steward of the information it manages on behalf of others. And every organization contributes to the resilience of not just its immediate customers, partners and suppliers but also the overall shared digital environment.

To ensure security and resilience, organizations, both public and private, must develop the capabilities to ensure their own resilience through internal governance structures and behaviours, and must work with other organizations (enterprises, governments and civil society) to ensure systemic security and resilience.

Background

Through a number of multistakeholder working groups, the Forum community has already contributed substantially to this space. Some specific outputs have included:

  • Advancing Cyber Resilience: a 2016 programme dedicated to empowering boards and executive teams with tools and practices to identify and manage the business risks emanating from cyber threats

  • Beyond Cybersecurity: book reviewing primary research with over 200 organizations on ‘gamechanging’ actions for business and governments

  • Towards the Quantification of Cyber Threats: innovative risk quantification model “Cyber Value-at-Risk” lays the foundation for consistent quantification within and across enterprises, potentially leading to further development of risk transfer/cyber insurance markets

  • Risk and Responsibility in a Hyperconnected World: analysis of global macro impact (up to $3 trillion/5% global GDP by 2020), future scenarios and a shared Framework for Global Collaboration

  • Development of Principles & Guidelines (100+ CEO/Minister/SG level signatories across 14 industries and 23 countries), including Cyber Risk Framework and Maturity Model, further expanded here

Objectives

The goal of the Forum’s Cyber Resilience project is to support companies, organizations and governments in implementing tools and entering into partnerships in order to effectively integrate cyber resilience into business and national strategy. Specifically, the project will aim to:


  • Create a network of board members and senior executives who are activated on the cyber strategy topic and who will spur adoption of the Forum's Cyber Principles and Tools for Boards;

  • Develop a system to iterate the Forum's principles and tools as well as collect case studies around successful cyber resilience strategies;

  • Adapt the validated tools for leaders for application to the public sector and governments;

  • Initiate public-private dialogue on the topics of state action in cyber and agreed liability thresholds, among others;

  • Develop a process for sustained dialogue between boards/executive teams and policymakers along with well-defined roles for actors in both the public and private sectors (e.g., around critical infrastructure or liability thresholds);

  • Foster collaboration with the insurance industry and government leaders to normalize and help mitigate cyber risk.