Advancing Cyber Resilience: Principles and Tools for Boards
A first-of-its-kind resource to support board of directors and CEO to take action on cybersecurity and cyber resilience strategy.
Cyber risk is a systemic challenge and cyber resilience a public good. Every organization acts as a steward of information they manage on behalf of others. And every organization contributes to the resilience of not just their immediate customers, partners and suppliers but also the overall shared digital environment.
In order to ensure security and resilience, organizations, both public and private, must develop the capabilities to ensure their own resilience through internal governance structures and behaviours as well as work with other organizations (enterprises, governments, and civil society) in order to ensure systemic security and resilience. The Forum has committed to support the development of cyber resilience governance capabilities at the enterprise and national level by creating tools, sharing best practices, and convening all stakeholders to effectively make decisions about their shared security responsibilities.
In 2018, the Forum will expand on these efforts in two ways:
Enterprise: Accelerating adoption of the Board Tools and Principles as well as creating new cyber risk governance tools for executives.
Government: Fostering discussion and cooperation between the public and private sector on cyber security policy issues using the Cyber Playbook for Public-Private Cooperation.
Through a number of multistakeholder working groups the Forum community has already contributed substantially to this space. Some specific outputs have included:
Cyber risk is a systemic challenge and cyber-resilience a public good. Leaders need tools and partnerships to respond to these challenges of digitalization.
The latest cyberattack, which led to outages across the US East Coast, should be a wake-up call regarding the dangers of an insecure IoT.
Dr Michelle Tuveson says we should pay attention to forecasters when it comes to cyber security risk.