The World Economic Forum's Global Cybersecurity Outlook for 2023 warns of an increase in cyberattacks due to the growing use of digital technologies and the COVID-19 pandemic. The report emphasizes the need for collaborative efforts between governments, businesses, and individuals to enhance cybersecurity measures, mitigate risks, and protect digital assets.
We spoke with Karen Worstell, Senior Cybersecurity Strategist, VMware, to get her insights on the report: “The World Economic Forum (WEF) recently released its Global Cybersecurity Outlook for 2023, reflecting on various trends impacting the cybersecurity industry as of late. These trends are creating emerging, ongoing risks due in large part to new technologies entering the space, a shortage of cybersecurity professionals, and growing political instability. This is especially concerning as the report also warns of a possible “catastrophic cyberattack,” a warning all too real that highlights the need for better integration internally between security and business leaders. To prepare, business and security leaders need to ask themselves, what strategy can we rely on to keep our organization safe?
The most common answer is likely “strengthening third-party security controls” but unfortunately, this indicates that companies think security is the “other party’s problem” instead of looking at the need to get their own house in order. Before organizations turn outward to protect their network, they should first look inward, addressing the talent they have on hand. The WEF report highlights increased awareness from business leaders of the cyber skills gap while noting the overall talent shortage has not been solved. This makes it even harder for organizations to align business and security, as many do not have people with the proper skills in place to do so. Other data has come to suggest the skills gap varies widely by sector, with energy/utilities reporting the biggest gap in critical skills when it comes to cybersecurity. This is especially alarming, given that nation-state attacks on U.S. critical infrastructure rose from 20% to 40% of attacks.
Once internal talent is addressed, organizations should reflect on the varying perceptions of the positive influence of cybersecurity approaches, as highlighted in the report. For example, 51% of business leaders view cyber as being “a key business enabler,” while an additional 10% see it as a “product & service differentiator.” Recent headlines have highlighted potential loss from lack of availability due to deferred maintenance, which is part of poor cyber hygiene. Implementing digital transformations and increased use of cloud-based services can aid in reducing technical debt - one of the single biggest security risk factors - quickly and efficiently.
On the other hand, this report also speaks to a significant shift toward board members recognizing the effectiveness of cyber and privacy regulations in regard to reducing risk. This is because regulations are commonly something boards pay attention to. It’s fascinating that boards haven’t been as motivated by exercising due diligence to a defensible standard of care by the sheer fact that they exist. To some degree this is the fault of regulation that drives compliance behavior, and of a generation of cyber leaders who drive security from a risk reduction viewpoint instead of security by outcomes tied to the CIA. The message seems to be that board behavior is compelled by regulation and statute as opposed to “doing the right thing.””