Global cyber executive briefing
Lesson from the front lines
In a world increasingly driven by digital technologies and information, cyber-threat management is more than just a strategic imperative. It’s a fundamental part of doing business. Yet for many C-suite executives and board members, the concept of cybersecurity remains vague and complex.
Although it might be on your strategic agenda, what does it really mean? And what can your organisation do to shore up its defenses and protect itself from cyber-threats? A common myth is that cyber-attacks only happen to certain types of organisations, such as high-profile technology businesses. However, the cold, hard truth is that every organisation has valuable data to lose. In fact, the attacks that happen most frequently are completely indiscriminate – using scripted, automated tools that identify and exploit whatever weaknesses they happen to find.
Cyber-attacks can be extremely harmful. Tangible costs range from stolen funds and damaged systems to regulatory fines, legal damages, and financial compensation for injured parties. However, what might hurt even more are the intangible costs - such as loss of competitive advantage due to stolen intellectual property, loss of customer or business partner trust, loss of integrity due to compromised digital assets, and overall damage to an organisation’s reputation and brand - all of which can send an organisation’s share price plummeting, and in extreme cases can even drive a company out of business.
Being resilient to cyber-risks starts with awareness at the board and C-suite level; a recognition that at some point your organisation will be attacked. You need to understand the biggest threats, and which assets are at greatest risk - the assets at the heart of your organisation’s mission.
Who could potentially target your organisation, and for what reasons? Which assets are attackers likely to view as most valuable? What are the possible scenarios for attack, and what is the potential impact to your business?
Questions such as these can help determine how advanced and persistent the cyber-threats to your business are likely to be. This insight allows you, as a C-suite executive or board member, to determine your organisation’s risk appetite and provide guidance that helps internal and external security professionals reduce your risk exposure to an acceptable level through a well-balanced cyber-defense. Although it isn’t possible for any organisation to be 100 percent secure, it is entirely possible to use a mix of processes for prevention, detection, and response to keep cyber-risk below a level set by the board and enable an organisation to operate with less disruption.
To be effective and well balanced, a cyber-defense must have three key characteristics: secure, vigilant, and resilient.
Secure: Being secure means focusing protection around the risk-sensitive assets at the heart of your organisation’s mission - the ones that both you and your adversaries are likely to agree are the most valuable.
Vigilant: Being vigilant means establishing threat awareness throughout the organisation, and developing the capacity to detect patterns of behaviour that may indicate, or even predict, compromise of critical assets.
Resilient: Being resilient means having the capacity to rapidly contain the damage, and mobilise the diverse resources needed to minimise impact - including direct costs and business disruption, as well as reputation and brand damage.
This executive briefing is a starting point for organisations to understand their most important cyber-threats. It highlights the top threats for seven key industry sectors - retail, manufacturing, e-commerce & online payments, online media, high technology, telecommunications, and insurance – and offers real-world stories and practical insights to help your organisation begin to assess its threat profile and stay a step ahead of cyber-criminals.
By highlighting real-life cases, we hope to make clear that being hacked is nothing to be ashamed of. Breaches occur at all organisations – not because they are badly managed, but because hackers and cyber-criminals are getting smarter every day. By sharing information about breaches we can learn how to better protect ourselves – an imperative being promoted by the Partnering for Cyber-Resilience1 initiative of the World Economic Forum.
The stories clearly show that breaches are inevitable: your organisation will be hacked someday. They also show that we all depend on each other for a resilient cyber-space. For example, online media can be used to spread malware; vulnerabilities in the high-tech sector affect other industries that use digital technology; and disruption in online payments impact e-commerce. By sharing and understanding these cases and taking responsibility at the C-suite and board level, we can all work together towards a safer cyber-space.
Please download the report for more information.