Risk and Responsibility in a Hyperconnected World 2014
  • Executive Summary
  • Introduction
  • Chapter 1. Developing a Clear Set of Action Areas
    • 1. Institutional Readiness
    • 2. Public and International Policy
    • 3. Community Responses
    • 4. Systemic Responses
  • Chapter 2. Findings: Understanding Cyber Risks and Response Readiness
    • 1. For most companies across sectors and regions, cyber resilience is a strategic risk
    • 2. Executives believe they are losing ground to attackers
    • 3. Large companies lack the facts and processes to make effective decisions about cyber resilience
    • 4. Concerns about cyberattacks are starting to have measurable negative business implications in some areas
    • 5. Substantial actions are required from all players in the cyber resilience ecosystem
  • Chapter 3. Future Scenarios
    • Scenario One: Muddling into the Future
    • Scenario Two: Backlash Decelerates Digitization
    • Scenario Three: Cyber Resilience Accelerates Digitization
    • Applying the Scenarios
  • Chapter 4. Conclusions and Roadmap for Collaborative Action
  • Team and Acknowledgements

Chapter 1. Developing a Clear Set of Action Areas:

1. Institutional Readiness


Governance

  • Prioritize information assets based on business risks. Most institutions lack sufficient insight into the precise information assets they need protected and how to assign priorities to those assets. Going forward, cyber resilience teams need to work with business leaders to better understand business risks (for example, what it means to lose proprietary information about a new manufacturing process) across the entire value chain and to assign appropriate priorities to the underlying information assets.
  • Develop deep integration of security into the technology environment to drive scalability. Almost every part of the broader technology environment has an impact on an institution’s ability to protect itself, from application development practices to policies for replacing outdated hardware. Institutions must move from “bolting security on” to training their entire staff to incorporate security from the start into technology projects.

Program/network development

  • Provide differentiated protection based on the importance of assets. As the axiom states, “To protect everything is to protect nothing.” By implementing differentiated controls, such as encryption and more rigorous passwords, institutions can focus time and resources on protecting information assets that matter the most.
  • Deploy active defences to uncover attacks proactively. Massive amounts of information are available about potential attacks – both from external intelligence sources and from an institution’s own technology environment. Increasingly, companies will need to develop capabilities to aggregate and analyse relevant information, and use it to appropriately tune defence systems such as firewalls.
  • Test continuously to improve incident response. An inadequate response to a breach – not only from the technology team, but also from those in marketing, public affairs or customer services – can be as damaging as the breach itself because of the adverse reaction it can elicit from clients, partners, government regulators and others. Taking a page from the military, institutions should run cross-functional “cyberwar games” to improve their ability to respond effectively in real time.
  • Help personnel to understand the value of information assets. Users are often the biggest vulnerability for an institution. They click on links they should not, select insecure passwords and send sensitive files by e-mail to broad distribution lists. Institutions need to segment users, and help each group to understand the business risks of the information assets they touch every day. 
  • Integrate cyber resistance into enterprise-wide risk management and governance processes. Cyber resilience is an enterprise risk, and must be managed like one. Assessments of risks from cyberattack must be integrated with other risk analysis and presented at relevant management and board discussions. Cyber resilience implications must be integrated into the broad set of enterprise governance functions such as human resources, vendor management and regulatory compliance.

The importance of these actions was highlighted in interviews with chief information security officers (CISOs) and other executives. Across the board, executives gave their institutions poor average marks for executing these critical responses (see Figure 1). As a group, these institutional readiness actions can also serve as benchmarks and form a core of expanded cyber resilience collaboration with the public sector and communities.

FIGURE 1: POTENTIAL ACTIONS TO IMPROVE INSTITUTIONAL READINESS


© 2019 World Economic Forum