“Don’t find fault, find a remedy”, as the industrial pioneer Henry Ford used to quip. When it comes to cybersecurity today, both fault and remedy have for too long been left to the IT department. Yet in the Fourth Industrial Revolution, where ubiquitous connectivity and digitalization underpin socio-economic progress and prosperity, it is the responsibility of top public and corporate leaders to take ownership of this challenge.
As cyberattacks grow in sophistication and frequency, strategic decision-making is required to allow for more informed investment and resourcing in order to enhance preparedness and resilience. This is the first of 10 key messages and recommendations to come from over 150 cybersecurity leaders and practitioners who participated in the World Economic Forum Annual Meeting on Cybersecurity in November last year.
As a first step, board and C-Suite members as well as high-level policy-makers need to gain a better understanding of the cyber-risks to which their organization, municipality or country are exposed. This does not mean becoming full-on technical experts; technical expertise rests with the ICT and information security departments or contracted cybersecurity service providers. What urgently needs to improve is the communication and translation of cybersecurity issues between practitioners and leadership. If corporate and government leaders have a strong grasp of their entity’s vulnerabilities and which critical assets are at risk, they can take timely strategic decisions on investment and resourcing to bolster their organizations’ resilience and safeguards. The recent downgrade of Equifax by Moody’s showed that cybersecurity readiness is increasingly priced in, and requires a holistic approach to be successful.”