Chapter 1. Developing a Clear Set of Action Areas
As the risk of cyberattacks is becoming more prevalent, the cost of the attacks – to companies, public institutions, the global economy and society at large – is also growing. This is the clear message that emerged from research assembled over the past year. To foster technology innovation, and continue to reap value from it, a robust cyber resilience ecosystem is required across sectors and institutions. To deter malevolent attackers, companies will have to abandon their current fragmented cyber resilience defences built around reactive “audit” and “compliance” models. Today’s increasingly digital age needs a step-change in cyberattack response – cyber resilience models that are characterized by a business-driven, risk-management approach.
The Partnership for Cyber Resilience, launched at the World Economic Forum Annual Meeting 2012 in Davos-Klosters, identified three vital areas of robust cyber resilience: information-sharing, critical infrastructure protection, and policy development. During the past year, the group’s dialogue set a context for these vital areas within a broader readiness framework aimed at building collaboration and coordination. Institutional readiness and the potential action to improve it, form the first of four pillars of this broader structure. The others include public and international policy, community action and systemic action.
The latest work, which included interviews, workshops and surveys, has shown that a range of high-value responses exists upon which to build a vigorous cyber resilience capability at the institutional level. This group of institutional readiness responses comprises governance issues, program development and network expansions for private-sector institutions. On the one hand, these responses address an immediate need of executives for specific steps to shore up their companies’ current cyber resilience capabilities and establish critical benchmarks. On the other, the responses can form the core of a cyber resilience model that, over time, can foster companies’ collaboration with partners in public and international policy, as well as community and systemic responses. Strengthening the core is an essential first step to developing effective responses on a broader scale.
FROM A BROAD DATA SET WE BUILT FUTURE SCENARIOS, ESTIMATED IMPACT AND DEVELOPED POTENTIAL ACTIONS