close
close

Cybersecurity: building resilience and trust in a digital world

Posted on by darion

Context of growing cybersecurity and resilience concerns

Accelerated digitalization, coupled with rising geopolitical tensions, is accompanied by increased polarization, erosion of trust and lack of cybersecurity. In this context, cybersecurity is crucial. The World Economic Forum (WEF) recognizes cyber insecurity as one of the top 10 global threats, and cyber attacks are among the top three public and private sector concerns worldwide.

Since the pandemic, the number of cyberattacks has doubled. 29% of organizations have experienced one cyberattack in the last year, and 91% of executives believe a major cyber incident is likely to occur in the next two years. The supply chain and organizational ecosystem are particularly important – 41% of cyber incidents come from third parties.

More worryingly, the gap is widening between organizations that are cyber-resilient and those that are not, as evidenced by the fact that less than a quarter of SMEs have cyber insurance compared to 75% of larger organizations and More than twice as many SMEs as large organizations report that they lack the cyber resilience necessary to meet their critical operational requirements, which may delay their evolution in a digital world.

Cybersecurity trends – 2024

Source: Telefónica based on the World Economic Forum – Global Cybersecurity Outlook 2024.

The high costs of cyber insecurity

The cost of cyberattacks or data breaches is getting higher: the average total cost of an incident for large organizations is estimated at $4 million. The global cost of cyber incidents is very high, expected to be around $9.5 trillion by 2024, equivalent to the world’s third-largest economy after the United States and China.

Cybersecurity insecurity imposes direct and indirect costs on society and businesses: threats to people’s security and privacy; costs of service disruptions, including those critical to society; ransom payments; loss of data and important information; legal liability towards third parties; sanctions; or loss of reputation, which may affect the company’s valuation and even its profitability.

What are the challenges?

Progress in digitalization can only go hand in hand with appropriate cyber resilience, fostering trust and inclusion of the entire production fabric. According to the International Monetary Fund’s cyber risk report, those most at risk are companies from more connected sectors or with more interesting assets for attackers, with less protection (e.g. SMEs), from countries with higher geostrategic risk or with lower levels of cyber legislation. risk.

Yet the biggest success stories in cybersecurity remain silent, making it difficult for businesses and governments to justify the return on investment in improving resilience. Indeed, actors tend to strengthen their cyber defenses after an incident, suggesting that a dynamic learning process is taking place. As noted by the International Monetary Fund, as with other investments such as research and development, private or government incentives to address cybersecurity threats may differ from the social minimum. Cybersecurity has positive externalities for the economy, while at the same time there may be market failure due to the difficulty in justifying the return on these investments.

Complex and fragmented policy and regulatory frameworks

Cybersecurity policy and regulation aimed at increasing cyber resilience is currently a fragmented, complex, cross-cutting and evolving framework that aims to address threats in a global digital world, not without geopolitical tensions and where new technologies are emerging.

The motives for attacks vary, although attackers are often motivated by money (organized gangs), but also by recognition and political or social considerations. It is not enough to increase cyber resilience (improving the shield), but effective progress in the fight against cybercrime crossing national borders is necessary.

In this new world, cyber insurance plays a key role in risk protection. Cyber ​​insurance, also known as cyber risk insurance, is a contract that companies can enter into to protect against financial loss or liability related to cyber incidents. Coverage may vary. Cyber ​​insurance costs are rising and cybersecurity rating agencies are becoming more important. Unlike credit rating agencies, they lack transparency and regulation.

Lack of specialized cybersecurity specialists and culture

The human and cultural factor is of fundamental importance. And the shortage of specialists is very high: improving cyber resilience requires almost twice as many specialists as currently. There are 5.5 million cybersecurity professionals worldwide. Despite growth, the gap continues to widen and around 4 million additional specialists will still be needed globally by 2023.

In Europe, a Eurobarometer survey published in May 2024 shows that cyber skills shortages are growing and that more cybersecurity specialists and employees with strong cybersecurity awareness are needed in every enterprise. While there is general agreement that cybersecurity is a high priority for companies (71%), the main challenge remains taking action, particularly around culture and training.

Recommendations for improving cyber resilience

After analyzing the situation in Europe, the Council of Europe adopted conclusions in May 2024 in which it proposed a number of actions, including the presentation of a revised cybersecurity strategy, updating the existing Europe 2020 strategy.

In an increasingly connected world, building cyber resilience and increasing digital trust for inclusive digitalization requires better cooperation, appropriate frameworks, capacity building and incentives. Here are some general recommendations at a global level to help achieve these goals:

  • Strengthen multilateral cooperation against cybercrimefrom incident prevention, identification and containment, to investigation and prosecution, by providing the necessary resources and capabilities.
  • Promoting best practices and minimum standards in cybersecurity, including the development of independent cybersecurity agencies with cybersecurity resources, policies and plans, and encourage the use of international security frameworks (e.g. ISO) and recognized certifications, promoting transparency and harmonization.
  • Improving harmonisation, consistency and many interested parties cooperation, avoiding overlaps or inconsistencies in regulation and implementation, addressing coordination between competent authorities and companies and the consistency of incident reporting systems, and the sharing of cybersecurity intelligence.
  • Explore new financing mechanisms and fiscal incentives to improve cyber resilience and capacity building, and cybersecurity culture to address the necessary investment and shortage of cybersecurity professionals.
  • Defining and monitoring new key indicators of investment and expertise at an international levelin the absence of indicators and to support investments.
  • Strengthen the quality of cybersecurity assessment agencies (Or “cyber assessment“) with regulations similar to those applicable to rating agencies.

Resilience is a state of being able to cope with adversity and maintain continuity of action. Improving cybersecurity is an essential first step.