Published: 25 June 2020

Incentivizing Responsible and Secure Innovation: A framework for entrepreneurs and investors

Technology brings many positive innovations and opportunities but unless it is developed with security in mind, it presents more risks and potential disruption than solutions. This report provides a framework to develop technology in a secure manner, focusing on essential principles such as privacy-by-design and security-by-design.

The great digital shift

The COVID-19 pandemic has underscored the importance of incentivizing cybersecurity in technological development. The security and privacy features in technology are more vital than ever as the majority of public and private communications and operations have shifted to the digital domain. Recent research shows that 93% of executives are willing to pay almost 25% more for more secure devices and technology.

The purpose of this insight report is to provide tools and guidance for entrepreneurs, innovators and investors to enable them to improve security features in new technologies and incorporate cybersecurity features from the get-go. We present here a number of essential cybersecurity requirements to be taken into account when developing new technology, innovation and new companies, to maximize their resilience.

Not so fast

Entrepreneurs have a twofold responsibility: to ensure that their companies and products are digitally secure and that they have a recovery plan ready to activate should hackers succeed. This is all the more important for small and medium-sized enterprises, to which a cybersecurity incident could be fatal or significantly diminish its valuation and attractiveness for investment.

Today there is aserious imbalance between the time to market and the time to security. Market forces pressure for shiny new products and tech gadgets or applications, they care little about the security embedded in a new technology. The current trend rewards entrepreneurs who develop new products as fast as possible and market them at the earliest availability, disregarding that this creates an enormous attack surface of ever newer products filled with vulnerabilities for cyber criminals to exploit. Were entrepreneurs and innovators encouraged and incentivized to prioritize security features in their product development from the very beginning, a much safer cyber space would be incrementally possible.

Consumer behaviour is changing and consumer concerns about privacy and security are growing, inevitably leading to changes in market forces. Clearly these changes must incite entrepreneurs to understand the importance of cybersecurity when launching new products, innovating and developing new entities. Investors, on the other hand, must have the tools they need to evaluate the state of cyber preparedness of their potential investments.


What is the World Economic Forum doing on cybersecurity?

The World Economic Forum Centre for Cybersecurity drives global action to address systemic cybersecurity challenges. It is an independent and impartial platform fostering collaboration on cybersecurity in the public and private sectors. Here are some examples of the impact delivered by the centre:

Cybersecurity training: Salesforce, Fortinet, and the Global Cyber Alliance, in collaboration with the Forum, provide free and accessible training to the next generation of cybersecurity experts worldwide.

Cyber resilience: Working its partners, the Centre is playing a pivotal role in enhancing cyber resilience across multiple industries: Oil and Gas, Electricity, Manufacturing and Aviation.

IoT security: The Council on the Connected World, led by the Forum, has established IoT security requirements for consumer-facing devices, safeguarding them against cyber threats. This initiative calls upon major manufacturers and vendors globally to prioritize better IoT security measures.

Paris Call for Trust and Security in Cyberspace: The Forum is proud to be a signatory of the Paris Call, which aims to ensure global digital peace and security, emphasizing the importance of trust and collaboration in cyberspace.

Contact us for more information on how to get involved.

In the building of innovative business models and technology solutions, cybersecurity is essential to protecting data, intellectual property, online transactions and ensuring user trust. Digital technologies are introducing new vulnerabilities faster than they can be secured and the prospect of curbing cyberattacks diminishes with each additional unsecured technology. Technologies are at increased risk because cyberattacks could cause more traditional, kinetic impacts as technology is being extended into the physical world, creating a cyber-physical system. Without security, anything connected to the internet, from a vehicle to a medical device, can be hacked, exploited and presents a threat to an organization.

We should not forget... that entrepreneurs are typically small and medium-sized enterprises (SME) and that SMEs represent about 90% of businesses and more than 50% of employment worldwide. Cyber-related incidents could have a dramatic impact on their survival.

—Martina Cheung, President, S&P Global Market Intelligence

More businesses are understanding that cybersecurity is an enabler of the everyday operations and its significance will only increase in the future. In terms of successful business conditions, cybersecurity is a business management challenge that requires a strategic and unified approach across all business units to ensure its most effective implementation.

4 things to know about cybersecurity

  • 1
    Cybersecurity is an enabler of the everyday operations of most businesses today and its significance will only increase in the future.
  • 2
    It is vital for the founders of and investors in a new business to commit to cybersecurity if they are to succeed in building cyber capabilities and foster a cyber-focused environment.
  • 3
    The successful future of our digital economies depends on integration of cyber essentials from the get-go of technological development.
  • 4
    Cybersecurity must be an ongoing, dynamic process, requiring regular assessment of risk and consideration of what else might be needed to reduce risk to acceptable levels and according to evolving business needs and challenges.

Cyber essentials: how to build security into tech innovation

The cyber essentials developed by the World Economic Forum and its partners consist of core cybersecurity principles and requirements to be applied when developing new companies and innovation. They represent what the Forum’s Centre for Cybersecurity and its partners consider to be the most important requirements that, if implemented, will provide a robust cybersecurity framework encompassing organizational, product and infrastructure security.

The successful future of our digital economies depends on integration of cyber essentials from the very outset of technological development. Incorporating cyber essentials in business processes and corporate culture must be an continuous process, not a once-a-year audit or compliance effort. The commitment to prioritizing cybersecurity rather than considering it as an afterthought must be firmly rooted in and throughout the corporate culture, product and services development cycle. A detailed cybersecurity programme and strategy does not have an end goal, but rather must be adapted and adjusted on regular basis.

The cyber essentials proposed in this report were developed by a community of stakeholders involving executives from technology companies, investment firms, credit rating agencies, entrepreneurs, academics and public-policy experts. The proposed cyber essentials are:

  • Organizational security:
    Cybersecurity culture
    Cybersecurity governance
    Cyber resilience
  • Product security:
    Security by design
    Privacy by design
  • Infrastructure security:
    Data governance
    Third party security

Readers of this report will find a detailed description of each cyber essential followed by practical steps for entrepreneurs on their implementation and guidance for investors on how to validate them. It is important to emphasize that cyber essentials need to be tailored to each organization, based on its size, nature and type of product.

A matter of survival

The technology is here to stay and flourish: there are no “digital rollback” plans. Consequently, entrepreneurs and innovators have a responsibility to respect technology as an essential component of daily life and consumers must demand security and safety standards as they do of other essential products and services.

Everyone needs to step up: users and consumers, governments and regulators, corporations and investors. The successful future of our digital economies depends on integration of cybersecurity principles like privacy and security by design from the get-go of technology development.

—Bruce Schneier, Lecturer, Harvard Kennedy School of Government

The cyber essentials focus on improving the security baseline across technology innovation. Over time, implementing the fundamental security and privacy features in technology will reduce the frequency, scale and success of cyberattacks and breaches, resulting in substantially more robust cybersecurity across industries and geographies.

Incorporating cybersecurity in technology from the very start of its development is no longer an option; it underpins the survival and stability of our economic systems, the transparency, sustainability and trust in our communication tools. It is a matter of national and international security.

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2023 World Economic Forum