The World Economic Forum has developed a new method by which organisations might calculate the potential impact of cyber threats. The framework, designated Cyber Value-at-Risk, sees the light of day at a juncture when cyber attacks are increasing in velocity and intensity and no less than 90% of companies worldwide recognise that they’re insufficiently prepared to protect themselves against such incursions.
“Continuous cyber attacks on global organisations are showing that we’re at a crossroads,” explained Alan Marcus, senior director of Information and Communication Technology Industries at the World Economic Forum. “The same technologies many organisations have become so dependent upon over time can also threaten their very core. This is why we’re launching a Future of the Internet initiative in Davos, including this critical Cyber Value-at-Risk framework.”
The proposed framework is part of a new report, Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, which was created in collaboration with Deloitte and encompasses the detailed input of 50 leading organisations from around the world.
The purpose of the Cyber Value-at-Risk approach is to help organisations make better decisions about their investments in cyber security, develop comprehensive risk management strategies and stimulate the development of global risk transfer markets.
Also, the new framework helps organisations address questions such as how vulnerable they are to cyber threats, how valuable the key assets at stake really are and who might be targeting them.
The World Economic Forum framework requires organisations to understand key cyber risks and the dependencies between them. It will also help them establish how much of their value they could protect if they were victims of a data breach and for how long they can ensure their cyber protection.
The Internet must remain “free, open and secure”
Commenting on this development, Jacques Buith (managing partner at Deloitte Risk Services) outlined: “We need to be able to quantify cyber risks if proper cyber resilience assurance is to be achieved. Only then will management Boards be able to take sound risk-reward decisions in this volatile world and thus secure their organisations’ cyber resilience. We’re proud to have been given the opportunity to work alongside the World Economic Forum on a framework to quantify cyber risks. The World Economic Forum’s network enables as many organisations as possible to use these insights in protecting themselves against cyber attacks and, in turn, providing for a safer digital world.”
Mark Rutte, Prime Minister of the Netherlands, opined: “The Internet has become a key strategic resource for citizens, companies and Governments alike. In order to fully realise its enormous potential for growth and innovation, Governments and the private sector need to work together in ensuring that it remains free, open and secure.”
The Netherlands, of course, is a leader in the field of Internet access, the use of e-mail, social media and mobile data. At the Global Conference on Cyber Space to be held in The Hague between 16-17 April, the challenges ahead will be discussed by all of the major stakeholders from the public and the private sector.
TK Kurien, CEO at Wipro, added: “As part of Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, we’ve been working together with members of the initiative to advance the Cyber Value-at-Risk estimation. At Wipro, for example, we have developed a model that has helped us build a more structured view of our risk profile and make more fact-based investments and policy decisions.”
Kurien continued: “We’re also in active engagement with our customer Boards and management teams to help them better appreciate risks and ultimately transform their security profiles. We hope this approach will serve other organisations well as they develop their own cyber resilience strategies.”
Davos focus on cyber security “must be matched by action”
Reacting to the World Economic Forum’s report that estimates a $3 trillion cost to the global economy if cyber security isn’t taken seriously, Phillip Hodgins (principal advisor at KPMG) argues that instilling fear in international businesses is counter-productive.
“Companies are constantly embracing new technologies and digital platforms to improve efficiencies and customer experience,” said Hodgins. “Understanding the risks that come with these ambitions is important, but there’s a very real risk that innovation can be stifled by fear if business leaders are bombarded by messages of doom.”
Hodgins continued: “It’s a mark of the collective progress made by Governments and corporate IT teams over the past 12 months that cyber security is now very much a Boardroom concern. However, for it to stay that way then executives need a clear understanding of its relevance to their own organisation. That way, the right decisions can be made and appropriate steps taken to better manage the risk.”
In conclusion, Hodgins told Risk UK: “Managing cyber risk should be about what you can do, not what you cannot do. All-too-often it’s the case that security measures are seen as restrictive. Organisations that regularly review their cyber risk exposure and understand the link to their business objectives can feel free to benefit from a more efficient investment in security and continue to grow both market confidence and trust.”
*Download your copy of Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats
**More than 2,500 participants from over 140 countries (ncluding 40-plus heads of state or Government) convened at the 45th World Economic Forum Annual Meeting which took place from 21-24 January 2015 in Davos-Klosters, Switzerland
Only one third of businesses use big data in strategic decision-making process
Only 31% of businesses have significantly restructured their operations to help big data be at the heart of every business decision. That’s according to new research from EY examining how companies are currently using big data analytics to find, measure, create and subsequently protect value across the business.
The EY report ‘Becoming An Analytics-Driven Organisation to Create Value‘ suggests that most companies are still using analytics in an isolated way to address specific business issues, limiting the potential value to increase both performance and efficiency.
At the same time, it emerges that 50% of businesses do not trust their own data.
The EY report is based on a survey of 270 senior executives who responded to questions on all aspects of their data strategy. Those respondents are active stakeholders in big data projects. All departmental functions and industry sectors are represented, with the majority of respondents working in finance, marketing and IT as well as cross-departmental management roles.
Herman Heyns, EY’s head of big data and analytics for the UK and Ireland, commented: “Data can be the lifeblood of an organisation if it’s allowed to flow freely across the entire ecosystem. As our research shows, building the right organisational structure and governance framework to support value-driven decision-making remains a challenge for many businesses. Those organisations need to invest in the necessary skills, structure and data governance to help them build a data strategy that’s trusted, valued and supported by key stakeholders.”