WEF: cyber resilience strategic priority
The World Economic Forum, together with Oxford University, has released a new report entitled "Unpacking Cyber Resilience".
According to the WEF 'Global Risk Reports', cyber security risks have been high on the agenda of organizations since 2020. The challenge is big. Digital transformation changes organizations. Primary processes are often supported by digital technology without offline alternatives. Ensuring true cyber resilience is therefore a fundamental issue for the organization's leadership, and thus also affects shareholder value. In other words, it's “Chefsache” (board priority).
The study by the WEF and Oxford University comes up with a strategic definition of cyber resilience and looks at a broad list of risk scenarios, such as supply chain issues, attacks on trust and reputation, and legal liability for data breaches.
Cyber resilience is an organization's ability to minimize the impact of significant cyber incidents on its primary objectives.
A number of key findings and recommendations from the report:
- Cyber resilience is a strategic priority for organizations to succeed in the digital age;
- Cyber incidents can have far-reaching consequences for an organization. Frequent mistakes can damage trust in society;
- Some estimates indicate that digitally resilient companies have 50% higher shareholder value compared to less resilient peers;
- The impact of cyber incidents on SMEs is particularly significant; estimates indicate that 60% of affected SMEs are bankrupt 6 months later;
- The role of leadership (the board or management team) is essential. A culture is needed where cyber resilience is given top priority.
A cyber-aware boardroom is much better able to manage incidents and limit damage.
- In recent years, the focus has changed from cyber security to a broader concept of cyber resilience;
- Cyber response plans must be thoroughly tested in order to act quickly and effectively in the moment;
- Recovering from a cyber incident goes beyond getting operations back online. It also means that the impact on all stakeholders has been mitigated, financial performance has been restored and strategic assets are protected.
Finally, a number of common learning points from successful cyber resilience are given:
- Cyber resilience starts at the top of an organization;
- Decision-making about cybersecurity & resilience must follow existing governance;
- Cyber resilience must be built into business processes (100% cyber security does not exist);
- Response plans are necessary to respond effectively to incidents;
- Collaboration is necessary, e.g. to identify single points of failure in an industry;
- How can the limited pool of cybersecurity knowledge be deployed, even with suppliers who have no or limited internal capacity?