WEF says strategic risk management only answer to modern cyber risk

Cybersecurity is no longer enough to protect companies from cyber threats that now demand strategic risk management, according to the World Economic Forum (WEF). In a new report, the WEF issues a “call to arms” to risk managers after concluding “cybersecurity is no longer a sufficient tactic”. “Building resilience needs to be integrated into an organisation’s strategy,” the WEF says. It adds that companies need to do more to recover from an attack rather than put all their efforts into cybersecurity. “It is impossible to attain complete cybersecurity, so the key objective must be to reinforce cyber resilience,” the WEF says. “We are at a crossroads, a point at which cyber resilience has become the defining mandate of our time – beyond foundational security controls – to anticipate future threats, withstand, recover from cyberattacks, and adapt to likely future digital shocks,” commented Algirde Pipikaite, cybersecurity strategy lead at the WEF. The forum’s managing director Jeremy Jurgens said: “Companies must now embrace cyber resilience – not only defending against cyberattacks but also preparing for swift and timely incident response and recovery when an attack does occur.” In a survey undertaken for its first annual Global Cybersecurity Outlook, the WEF found that less than one fifth of chief cybersecurity officers are confident their organisations are cyber resilient. Some 84% of respondents said cyber resilience is a priority for their organisation but only 68% said cyber resilience is a major part of overall risk management. “Due to this misalignment, many security leaders still express that they are not consulted in business decisions, which results in less secure decisions and security issues. This gap between leaders can leave firms vulnerable to attacks as a direct result of incongruous security priorities and policies,” the report says. The majority (92%) of CEOs said cyber resilience is integrated into ERM strategies, but only 55% of cybersecurity officers agreed. “This gap between leaders can leave firms vulnerable to attacks as a direct result of incongruous security priorities and policies,” the WEF says. Nine in ten respondents said SMEs are “the weakest link in the supply chain”, with 40% of respondents affected by a cybersecurity incident at third parties. The WEF says it takes organisations almost ten months on average to detect a security breach, and the survey found two thirds of firms would be challenged to respond to an incident because of skills shortages. “To put this into perspective, an incident that occurs on 1 January may not be fully contained until 8 October,” the WEF explains. The survey also found that 80% of chief information security officers consider ransomware a danger and a threat to public safety. The WEF says a 151% rise in ransomware attacks in 2021 increased the average number of attacks per organisation to 270 in the year. This is a rise of 31%. Every successful cyberattack cost an average $3.6m last year, according to the report.

WEF says strategic risk management only answer to modern cyber risk

Want to read this article?

Read Next

Marsh tracks slowdown in global Q1 rate hikes

Markel names head of terrorism in London

Insurers defend Nord Stream’s €400m lawsuit as act of war

Allstate posts nat cat loss of $343m for March

UAE flash flood losses manageable as insurers adapt to changing weather

Marsh tracks slowdown in global Q1 rate hikes

Markel names head of terrorism in London

Insurers defend Nord Stream’s €400m lawsuit as act of war

Allstate posts nat cat loss of $343m for March

UAE flash flood losses manageable as insurers adapt to changing weather

Want to read this article?

Read Next

Marsh tracks slowdown in global Q1 rate hikes

Markel names head of terrorism in London

Insurers defend Nord Stream’s €400m lawsuit as act of war

Allstate posts nat cat loss of $343m for March

UAE flash flood losses manageable as insurers adapt to changing weather

Related Articles