Organizations aren’t building enough resiliency against the threat of cyberattacks, says a new report from the World Economic Forum.
The report, issued today, says “there is a large perception gap between business executives who think their companies are secure and security leaders who disagree.”
In particular:
- 92 per cent of business executives surveyed agreed that cyber resilience is integrated into enterprise risk-management strategies, but only 55 per cent of security-focused leaders (including CISOs) surveyed agreed with the statement;
- 84 per cent of respondents said that cyber resilience is considered a business priority in their organization, with support and direction from leadership, but a significantly smaller proportion (68 per cent) see cyber resilience as a major part of their overall risk management;
- Only 19 per cent of cyber leaders feel confident that their organizations are cyber resilient;
- 59 per cent of all respondents said they would find it challenging to respond to a cybersecurity incident due to the shortage of skills within their team. While the majority of respondents ranked talent recruitment and retention as their most challenging aspect, the report says, business executives appear less acutely aware of the gaps than their security-focused executives, who perceive their ability to respond to an attack with adequate personnel as one of their main vulnerabilities.
“Due to this misalignment,” says the report, “many security leaders still express that they are not consulted in business decisions, which results in less secure decisions and security issues. This gap between leaders can leave firms vulnerable to attacks as a direct result of incongruous security priorities and policies.”
The report defines cyber resilience as the ability of an organization to transcend (anticipate, withstand, recover from, and adapt to) any stresses, failures, hazards and threats to its cyber resources within the organization and its ecosystem, such that the organization can confidently pursue its mission, enable its culture and maintain its desired way of operating.
The World Economic Forum (WEF) pushes for public-private co-operation. It is largely known for its annual conference in Davos, Switzerland. Its Centre for Cybersecurity is an independent platform that tries to bridge the gap between cybersecurity experts and decision-makers.
This is the forum’s first annual Global Cybersecurity Outlook.
“Companies must now embrace cyber resilience – not only defending against cyberattacks but also preparing for swift and timely incident response and recovery when an attack does occur,” said Jeremy Jurgens, managing director of the WEF, on the release of the report, which noted that 2021 was a record-breaking year for cybercrime.
The report says the shift to cyber resilience “will be a crucial development and objective in the next two years. Cyberattacks are inevitable, and at the core of any future-proof cybersecurity strategy stands resilience.” Without continuous investment and commitment to cyber resilience, it adds, “organizations will be more vulnerable to cyberattacks and thus more likely to endure reputational, financial, operational and safety impacts.”
The report also talks about the importance of information-sharing partnerships between the private sector and government cybersecurity agencies, the problems in recruiting and maintaining cybersecurity talent, and supply chain attacks.