Cyber attack risk framework for businesses developed by World Economic Forum

The World Economic Forum estimates a $3 trillion cost to the global economy if the issue of cyber security is not taken seriously

The World Economic Forum estimates a $3 trillion cost to the global economy if the issue of cyber security is not taken seriously

The World Economic Forum has developed a new method by which organisations might calculate the potential impact of cyber threats. The framework, designated Cyber Value-at-Risk, sees the light of day at a juncture when cyber attacks are increasing in velocity and intensity and no less than 90% of companies worldwide recognise that they’re insufficiently prepared to protect themselves against such incursions.

“Continuous cyber attacks on global organisations are showing that we’re at a crossroads,” explained Alan Marcus, senior director of Information and Communication Technology Industries at the World Economic Forum. “The same technologies many organisations have become so dependent upon over time can also threaten their very core. This is why we’re launching a Future of the Internet initiative in Davos, including this critical Cyber Value-at-Risk framework.”

The proposed framework is part of a new report, Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, which was created in collaboration with Deloitte and encompasses the detailed input of 50 leading organisations from around the world.

The purpose of the Cyber Value-at-Risk approach is to help organisations make better decisions about their investments in cyber security, develop comprehensive risk management strategies and stimulate the development of global risk transfer markets.

Also, the new framework helps organisations address questions such as how vulnerable they are to cyber threats, how valuable the key assets at stake really are and who might be targeting them.

The World Economic Forum framework requires organisations to understand key cyber risks and the dependencies between them. It will also help them establish how much of their value they could protect if they were victims of a data breach and for how long they can ensure their cyber protection.

The Internet must remain “free, open and secure”

Commenting on this development, Jacques Buith (managing partner at Deloitte Risk Services) outlined: “We need to be able to quantify cyber risks if proper cyber resilience assurance is to be achieved. Only then will management Boards be able to take sound risk-reward decisions in this volatile world and thus secure their organisations’ cyber resilience. We’re proud to have been given the opportunity to work alongside the World Economic Forum on a framework to quantify cyber risks. The World Economic Forum’s network enables as many organisations as possible to use these insights in protecting themselves against cyber attacks and, in turn, providing for a safer digital world.”

Mark Rutte, Prime Minister of the Netherlands, opined: The Internet has become a key strategic resource for citizens, companies and Governments alike. In order to fully realise its enormous potential for growth and innovation, Governments and the private sector need to work together in ensuring that it remains free, open and secure.”

The Netherlands, of course, is a leader in the field of Internet access, the use of e-mail, social media and mobile data. At the Global Conference on Cyber Space to be held in The Hague between 16-17 April, the challenges ahead will be discussed by all of the major stakeholders from the public and the private sector.

TK Kurien, CEO at Wipro, added: As part of Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, we’ve been working together with members of the initiative to advance the Cyber Value-at-Risk estimation. At Wipro, for example, we have developed a model that has helped us build a more structured view of our risk profile and make more fact-based investments and policy decisions.”

Kurien continued: “We’re also in active engagement with our customer Boards and management teams to help them better appreciate risks and ultimately transform their security profiles. We hope this approach will serve other organisations well as they develop their own cyber resilience strategies.”

Davos focus on cyber security “must be matched by action”

Reacting to the World Economic Forum’s report that estimates a $3 trillion cost to the global economy if cyber security isn’t taken seriously, Phillip Hodgins (principal advisor at KPMG) argues that instilling fear in international businesses is counter-productive.

“Companies are constantly embracing new technologies and digital platforms to improve efficiencies and customer experience,” said Hodgins. “Understanding the risks that come with these ambitions is important, but there’s a very real risk that innovation can be stifled by fear if business leaders are bombarded by messages of doom.”

Hodgins continued: “It’s a mark of the collective progress made by Governments and corporate IT teams over the past 12 months that cyber security is now very much a Boardroom concern. However, for it to stay that way then executives need a clear understanding of its relevance to their own organisation. That way, the right decisions can be made and appropriate steps taken to better manage the risk.”

In conclusion, Hodgins told Risk UK: “Managing cyber risk should be about what you can do, not what you cannot do. All-too-often it’s the case that security measures are seen as restrictive. Organisations that regularly review their cyber risk exposure and understand the link to their business objectives can feel free to benefit from a more efficient investment in security and continue to grow both market confidence and trust.”

*Download your copy of Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats

**More than 2,500 participants from over 140 countries (ncluding 40-plus heads of state or Government) convened at the 45th World Economic Forum Annual Meeting which took place from 21-24 January 2015 in Davos-Klosters, Switzerland

Only one third of businesses use big data in strategic decision-making process

Only 31% of businesses have significantly restructured their operations to help big data be at the heart of every business decision. That’s according to new research from EY examining how companies are currently using big data analytics to find, measure, create and subsequently protect value across the business.

The EY report ‘Becoming An Analytics-Driven Organisation to Create Value‘ suggests that most companies are still using analytics in an isolated way to address specific business issues, limiting the potential value to increase both performance and efficiency.

At the same time, it emerges that 50% of businesses do not trust their own data.

The EY report is based on a survey of 270 senior executives who responded to questions on all aspects of their data strategy. Those respondents are active stakeholders in big data projects. All departmental functions and industry sectors are represented, with the majority of respondents working in finance, marketing and IT as well as cross-departmental management roles.

Herman Heyns, EY’s head of big data and analytics for the UK and Ireland, commented: “Data can be the lifeblood of an organisation if it’s allowed to flow freely across the entire ecosystem. As our research shows, building the right organisational structure and governance framework to support value-driven decision-making remains a challenge for many businesses. Those organisations need to invest in the necessary skills, structure and data governance to help them build a data strategy that’s trusted, valued and supported by key stakeholders.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts