-
Widening resilience gap among organisations
ONOME AMUGE
A rapidly widening gap among organisations around the world on cyber-resiliency in a breakneck speed evolving digital landscape is threatening global cybersecurity outlook with far-reaching implications for businesses, governments and individuals, warns a new report from the World Economic Forum (WEF).
The WEF report noted a worrying trend of increasing cyber inequity around the world, with 90 percent of executives surveyed indicating that urgent action is needed to address this issue. It also found that 81 percent of those surveyed feel more or equally exposed to cybercrime than they did last year, indicating that the problem is only getting worse.
The 2024 Global Cybersecurity Outlook (GCO) identified a major divide between organisations that are cyber resilient and those that are not. The report attributes this cyber inequity to several factors, including the shifting threat landscape, economic trends, industry regulations, and the early adoption of new technologies by some organisations. The report also highlights the cost of access to innovative cybersecurity services, tools, skills, and expertise as a major barrier to building a more secure cyberspace.
While geopolitical tensions and economic instability are certainly major concerns, the report pointed to other risks that could have a significant impact on the cybersecurity sector in the coming year. These include widening cyber inequity, which means that many organisations will be left behind in terms of their cyber resilience. The report also noted the rapid development of emerging technologies, such as artificial intelligence, which can be both a tool for improving cyber resilience and a weapon for cybercriminals.
According to the report, the number of organisations that have reached a basic level of cyber resilience has decreased by 31 percent since 2022. This is concerning, as it means that fewer organisations are prepared to handle the ever-changing and complex cyber threats they face.
The report, produced in a collaboration between the WEF and Accenture, found that the gap between organisations that are well-prepared for cyber challenges and those that are not is widening at an alarming rate. It observed that the least capable organisations are stuck in a cycle of never quite catching up, falling further and further behind and putting the overall ecosystem at risk. This widening gap creates a vicious cycle, in which the least resilient organisations become increasingly vulnerable, making the system as a whole less secure.
A key finding of the report is that small organisations are disproportionately affected by cyber risks and challenges. The report found that smaller organisations are over twice as likely as larger organisations to report that they lack the cyber resilience they need to meet their critical operational requirements.
Another finding of the report is that organisations with the highest revenues are more likely to be confident in their cyber resilience than those with the lowest revenues. However, the report also found that smaller organisations are more likely to lack the cyber skills they need to meet their cyber resilience objectives. This discrepancy between the highest- and lowest-revenue organisations is troubling, as it suggests that the smallest and most vulnerable organisations may not have the resources or support they need to improve their cyber resilience.
The WEF report further explained, “The phenomenon is particularly alarming in light of the interconnected nature of the cyber ecosystem. One of the core measurements of cyber resilience is an understanding of your ecosystem, inclusive of assessments of supply-chain and third-party risk.
“For those large organisations reporting that they are leaders in cyber resilience, the emergence of this drastic drop in cyber resilience of small organisations should be especially alarming. Consider a 2023 report from SecurityScorecard and the Cyentia Institute, which found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years.
“This type of entanglement should be reason enough for those that are most cyber resilient to proactively help organisations in their ecosystem to move towards a healthier cyber posture,” the report advised.
The report, based on a series of surveys of industry experts and global executives about key cyber trends carried out between June and November 2023, examined the global cyber resilience gap and found that disparities exist across different geographies.
It is not surprising that Latin America and Africa have the lowest number of organisations that report being cyber resilient, as these regions often lack the necessary resources and infrastructure to support cyber resilience, the report stated.
North America and Europe, on the other hand, have the highest number of organisations that report being cyber resilient, likely due to their higher levels of development and investment in cybersecurity.
In addition to the prohibitive cost of cybersecurity, the WEF also highlighted other factors that contribute to the cybersecurity poverty line (CPL). These include lack of access to the necessary knowledge, skills, and resources, as well as inadequate infrastructure and regulation.
For example, it found that in developing countries, organisations often lack the necessary infrastructure to deploy cybersecurity solutions, or the personnel to monitor and maintain them, noting that this results in a digital divide that goes beyond financial resources, making it even more difficult for organisations in these regions to improve their cyber resilience.
The report emphasises that an organisation’s cyber resilience is not only dependent on its financial resources, but also on the knowledge and skills of its leaders, its ability to understand and adapt to evolving best practices, and its access to innovative technologies.
In fact, it states that these factors may be even more important than financial resources in determining an organisation’s ability to stay ahead of the curve.
According to the report, there are several factors that contribute to the widening cyber inequity gap. These include differences in organisational maturity, sectoral characteristics, and the ability to respond to universal cybersecurity challenges. The report also highlighted the significant financial costs associated with developing and maintaining adequate cyber resilience, which can be prohibitive for smaller organisations.
It noted that these factors combine to create a situation in which some organisations are able to stay ahead of the curve, while others are left behind.
Citing an analysis by Angel Gonzalez Sanz, head of science, technology and innovation at the United Nations Conference on Trade and Development (UNCTAD), the report noted that the digital divide, or unequal access to the internet and other digital technologies, is a useful parallel to the cyber inequity phenomenon.
It stated that just as some people and communities have better access to the internet than others, some organisations are better equipped to protect themselves from cyber threats, adding that this creates a divide between those who are well-protected and those who are not, which has significant implications for both individuals and organisations.
“Although 63% of the world’s population is connected to the internet; least developed countries still only count 27% of their populations as internet users,” Sanz pointed out.
The World Economic Forum stresses the importance of taking a proactive approach to addressing the challenges of 2024. It calls for leaders to think strategically about the future of cybersecurity, and to take concrete action to build resilience and trust. It also highlights the need for collaboration and innovation, urging leaders to work together to create a more secure and resilient digital future. The report concluded that a business-as-usual approach will not be sufficient to address the increasingly complex and rapidly evolving cyber threats the world faces.
