A new report of the World Economic Forum Platform for Cybersecurity and Digital Trust emphasizes the vital role of cybersecurity in technological development and points to how companies can significantly reduce cyber risk – a necessity today, not a nice to have.
The rapid increase in cyberattacks and pressures escalating from the abrupt step change to digital prompted by COVID-19 have shifted consumer behaviour, according to the findings of the report released on June 25.
The report titled 'Incentivizing Responsible and Secure Innovation: A framework for entrepreneurs and investors' highlights the shift in consumer behaviour and outlines how entrepreneurs can develop cybersecurity capabilities.
The report provides a checklist of the essential cybersecurity requirements for developers, a risk-assessment tool and a guide for investors on how to validate them.
It was developed by the World Economic Forum, executives from technology companies, investment firms, credit rating agencies, entrepreneurs, academics and public-policy experts.
"With the economy and society growing ever more dependent on technology and particularly so in the COVID-19 pandemic, the security and privacy of our digital tools are more important than ever. With the dissemination of the cyber essentials in this report, the World Economic Forum Platform for Cybersecurity and Digital Trust seeks to provide guidance to entrepreneurs and investors determined to develop responsible, sustainable and secure technology and practices," said the news release of the World Economic Forum on Thursday.
"There is a serious imbalance between the "time to market" pressures and the "time to security" requirements for shiny new products and gadgets," said Algirde Pipikaite, industry lead, World Economic Forum Platform for Cybersecurity and Digital Trust.
"With the rapid increase of cyberattacks, companies need to prove to consumers that their data is secure. As the market shifts, we expect to see greater investment in companies prioritizing security and their longer-term success," Algirde Pipikaite elaborated.
The cyber essentials in the report include explicit core principles and requirements for new companies and products.
They represent what the Forum's Platform for Cybersecurity and Digital Trust and its partners consider to be the most important requirements that, if implemented, will provide a robust cybersecurity framework encompassing organizational, product and infrastructure security.
"Enterprises must understand that cybersecurity is a shared responsibility and the proposed cyber essentials provide clear and practical guidance to help companies of all types prioritize and implement security best practices," said Joram Borenstein, general manager, Cybersecurity Solutions Group, Microsoft. He contributed to the development of the insights report.
The cyber essentials need to be tailored to an organization's size, nature and type of product. The report details each, followed by practical steps for their implementation and guidance for investors on how to validate them.
They are: Organizational security, which includes cybersecurity culture, governance and cyber resilience; Product security, which includes security-by-design and privacy-by-design; and Infrastructure security, which includes data governance and third-party security.
"As the dependency on technology and digital solutions grows exponentially for millions of businesses during the COVID-19 pandemic, convenience and performance is taking priority while security is often seen as a secondary concern," said Martina Cheung, president of S&P Global Market Intelligence.
"Entrepreneurs, typically small and medium-sized enterprises (SME), represent about 90 percent of businesses and more than 50 percent of employment worldwide, and can be particularly vulnerable to cyber breaches. Public and private sector collaboration is essential to advancing cybersecurity awareness among entrepreneurs, while concurrently building innovation ecosystems with security top-of-mind," Martina Cheung added.
"An overwhelming majority of executives continue to be largely dissatisfied with the effectiveness of their cybersecurity spending, often all too myopically focused on the newest technologies," said Benjamin Haddad, director of Accenture Ventures and a contributor to the report.
"A strategic trade-off needs careful consideration to benefit fully from the combined power of cyber innovation, while minimizing the threat and enabling the people to perform effectively," he said.