Chapter 4. Conclusions and Roadmap for Collaborative Action
As part of its multistakeholder dialogue across regions and sectors, the partnership also accepts that no static, universal set of actions can address the rapidly evolving environment of cyber risks. The community-led partnership has developed guidelines and principles for companies to build effective cyber risk management programmes. Included in the initiative is a framework tool for chief executive officers and other leaders to pilot internal reviews of their organizations’ cyber resilience capabilities. The tool offers a rough composite score to locate the organization on the five stages of a “hyperconnection readiness curve”. (See Figure 15.)
Against this curve, leaders can aspire to select from a range of high-value responses to build a robust cyber resilience capability, and to benchmark their institutions against best practice. The framework can also prompt discussion about the necessary steps to climb the maturity scale, the attributes against which to set goals, and the actions required to spur cooperation in building a stronger cyber resilience ecosystem. Finally, the framework can serve as a collaborative tool, providing a resource for member organizations through links to existing best practices and specialized organizations such as Interpol and Europol. The maturity-curve framework is a critical starting point for companies to position themselves on the scale of cyber resilience readiness and to identify the actions they can take to improve.
The next phase is to transform the static framework into a community-driven, self-sustaining online conversation. In this way, partners can facilitate the collection and synthesis of cyber resilience expertise across industries, sectors and regions.
With a core World Economic Forum team and its partners in an enabling role, the initiative engages participants by first locating their organizations on the cyber resilience readiness curve. The five stages of readiness range from “unaware” (companies that see cyber risk either as irrelevant or not part of their risk management processes) to “fully networked” (industry leaders in managing cyber risk). Organizations are advised on the precise steps necessary to move from one level to the next towards a vibrant networked approach to cyber risk management.
As strengths and weaknesses are identified, partners are encouraged to share their insights with one another and to actively adapt, improve and build out this framework so that it is broadly applicable and useful, regardless of sector or region. Simultaneously, the core team will proactively solicit input from partners who might have insights into specific sectoral cyber risk issues and remedies. The team will serve as a repository for those insights, which can then be used to flesh out the framework in a structured way for broader sharing. The idea is to create a continuous online feedback loop of ever-expanding knowledge to build the framework into a more precise barometer of an organization’s cyber-readiness and to expand the range of constructive actions that public and private organizations can take to address gaps. Concurrently, a number of tools focus on specific components of the framework. The community is urged to link to these resources rather than create a new set of action items.
The Partnership for Cyber Resilience core team will organize regional meetings, project meetings and working group calls to launch and continue this community conversation, and provide the online tools for engagement to partners.