Geopolitical instability increases the threat of a ‘catastrophic cyberattack within the next two years’

Geopolitical instability exacerbates the risk of catastrophic cyberattacks, according to the Global Cybersecurity Outlook 2023 report, which was launched today at the World Economic Forum’s 2023 Annual Meeting in Davos. More than 93% of cybersecurity experts and 86% of business leaders believe that “a large-scale catastrophic cyber event is likely within the next two years” and that there is a critical skills gap that threatens companies, businesses and key infrastructure.

The Global Cybersecurity Outlook 2023 results were based on surveys, workshops and interviews with over 300 experts and senior executives. Half of the companies surveyed said the current landscape is forcing them to reassess the countries in which their organization operates.

Despite the challenges, organizations are improving cyber resilience, one of the top priorities of the World Economic Forum’s Center for Cybersecurity. The report, co-authored with Accenture, says awareness and preparation will help organizations balance the value of new technologies against the cyber risk that comes with them.

The report highlights the need to address the shortage of skilled talent and experts. Some 34% of cybersecurity experts said they lacked certain skills in their team, with 14% saying they lacked essential skills. The problem is most pronounced in key industries such as energy utilities, where nearly 25% of cybersecurity experts said they lack the critical skills needed to protect their organization’s operations. Expanding the cybersecurity talent pool is necessary to address this issue. Several successful cybersecurity skills programs are underway around the world, but many are struggling to scale to large numbers. Greater interprofessional and public-private collaboration is needed to overcome this problem.

Geopolitics is reshaping the legal, regulatory and technological environment. “As global instability increases cyber risk, this report calls for a renewed focus on cooperation. All public and private sector stakeholders who are responsible for our shared digital infrastructure must work together to strengthen security, resilience and confidence,” said Jeremy Jurgens, Managing Director, World Economic Forum.

Insights from cybersecurity experts and business leaders

On awareness:

“Research shows that business leaders are now more aware of their organization’s cyber risks, but there is a need to go further in assessing and translating business risk into concrete next steps across the entire organization. Long-term cyber resilience requires a tightly coordinated team effort across the C-suite to gain a clearer view of cyber risks so that security can be integrated into all strategic business priorities and protect the digital heart. As our digitally connected world grows, now is the time to build cyber-resilient businesses for customers, employees, and supply chain partners.”

Paolo Dal Cin, Global Head, Accenture Security

To close the skills gap:

“The threat landscape continues to expand and evolve with cyber adversaries targeting organizations of all sizes, locations and industries across the globe. Disruption of operations or services and compromise of data due to cyberattacks in the context of a global skills gap puts every individual, organization and even nation at risk. When we work together to encourage best practices, we see greater progress in the fight against cybercrime. Shared data and trusted global partnerships can enable more effective responses and better predict future attack strategies to deter adversary efforts.”

Ken Xie, Founder, Chairman and CEO, Fortinet

On regulation:

Executives are now more likely than a year ago to view data privacy laws and cybersecurity regulations as an effective tool for reducing cyber risk in an industry. But speed is a problem.

“Normalization can take 18 months, but a cyberattack takes seconds. The speed at which emerging technologies are implemented often exceeds our ability to build security measures around them. We must go beyond mere regulatory compliance if organizations are to be cyber-resilient.”

Hoda Al Khzaimi, Director, Center for Cybersecurity, Founder and Director EMARTSEC, New York University (NYU), Abu Dhabi

On investing in cybersecurity:

According to the report, the speed at which new technologies are being implemented means that real and lasting cyber resilience comes from embedding cybersecurity into an organization’s culture and decision-making processes.

“Cyber attackers don’t rely on macroeconomic challenges, they double down on them. There is no path to success that is not heavily driven by AI and automation. As enterprises accelerate their digital transformation journey, now is the time to reinvent and invest in cybersecurity architectures – intelligent platforms. Boards of directors and the C-suite must adopt a strategy in which cybersecurity is deeply integrated throughout the entire company, from operations to innovation. Only then can organizations create a state of resilience that enables, not inhibits, their strategic business outcomes.”

Nikesh Arora, CEO and President, Palo Alto Networks

A persistent and vexing challenge is determining the price of cybersecurity. “Board members are interested in risk, opportunity and cost investing,” said one survey respondent. “We need to better answer the question, ‘What’s the return?’ How do I know this is a good investment out of the myriad of things I could potentially be invested in? How can we improve the creation of effective metrics to help boards make more informed decisions?”

Cybersecurity also influences strategic business decisions, with 50% of participants in the Cybersecurity Outlook 2023 survey saying cybersecurity was a consideration when evaluating which countries to invest in and do business in.

Building a cyber-resilient organization:

Compared to last year, the report found that board-level leaders are more likely to prioritize cyber risk and are more aware of their own role in addressing it. This has led to increased interaction with cybersecurity leaders: “cyber leaders, business leaders and boards are now communicating more directly and more often.” The bad news is that they “continue to speak different languages”.

Too often, when security and business leaders discuss cybersecurity, the rapidly changing contours of cyber risk get lost in translation. Information security managers may fail to convey the complex data they have collected – on risk points, threat actors, mapping of criminal campaigns – into an accessible story that translates into specific mitigation measures in their organizations.

Instead, they should tell stories that align with their corporate and business priorities. “Boards should be presented with a cyber posture that resonates with customer and regulatory expectations and helps address industry ecosystem challenges,” said Christophe Blassiau, Senior Vice President, Cybersecurity & Global Chief Information Security Officer, Schneider Electric.

Despite this challenge, the report found that the disconnect between cybersecurity leaders and business leaders has begun to close. Both increasingly perceive the high degree of exposure to risk and allocate more resources to coordinate responses effectively. Today, the priority is speed.
