Cybersecurity failure is a “clear and present danger” and critical global threat, yet responses from board directors have been fragmented, risks not fully understood, and collaboration between industries limited, according to a WEF report.
The report reveals that boards of directors need to play a more active role in protecting their organization from cyber risks – and provides a solution to this fragmentation.
Organizations facing a tremendous increase in cyber risk
Around the world, organizations are facing a tremendous increase in cyber risk. The research reveals that 31% of companies now experience a cyberattack at least once a day, a trend that’s expected to skyrocket as cybercriminals employ AI and automation to increase the sophistication and effectiveness of their attacks.
The research also found evidence that more than 1,000 companies globally had their data leaked following a ransomware attack in 2020 – a trend that’s expected to accelerate as data exfiltration surpasses encryption as the primary attack tactic for cybercriminals.
What can board directors do when it comes to cybersecurity?
The report shows how directors can improve their understanding of cyber risks to quickly incorporate cyber-risk planning into their companies’ overall strategy.
“Without a principled foundation for understanding and governing cyber risk at the board level, risk responses have been piecemeal and security gaps have risen,” said Daniel Dobrygowski, Head of Governance and Trust at the World Economic Forum Centre for Cybersecurity.
“These principles provide much-needed foundations for directors in any industry or geography. Cybersecurity is not just a technology problem; it is an economic and strategy issue crucial for boards to address given the current environment.”
The expert-led team identified six principles that apply to a wider audience of boards and management teams, specifically:
- Cybersecurity is a strategic business enabler
- Understand the economic drivers and impact of cyber risk
- Align cyber-risk management with business needs
- Ensure organizational design supports cybersecurity
- Incorporate cybersecurity expertise into board governance
- Encourage systemic resilience and collaboration