by World Economic Forum

  • ‘Cybersecurity failure’ continues to feature as a critical threat, so it is vital that senior leaders get serious about tackling the issue, says the Head of Industry and Partnerships for the World Economic Forum’s Centre for Cybersecurity.
  • Low entry barriers, high rewards and a relatively low risk of prosecution make cybercrime attractive to bad actors.
  • Business leaders need to understand, prioritize and hardwire cyber-resilience into key strategic and operational decisions.

For too long, cybersecurity has been perceived as an IT problem and delegated to technology specialists. Yet as the threat increases, it needs to be seen not merely as a technical issue, but rather as one of strategy, culture and cooperation. This requires business leaders to lead from the front when it comes to managing cyber-risk within their enterprises, so that the digital economy on which individuals, organizations and countries increasingly rely is safeguarded. Indeed, effective leadership – on cyber and other technology issues – will only become more critical as time passes.

That’s particularly important because the pace of change is accelerating, especially in the digital realm. Signs of increasing digitalization are everywhere. According to DataReportal, a research firm, more than five billion people around the world use the Internet, which means that over 63% of the global population is now online. Digitalization has also been integral to business transformation. According to Statista, another research firm, global spending on digital transformation will reach $2.8 trillion in 2025.

Yet amid these trends, another more sinister one lurks: bad actors are actively looking to exploit the vulnerabilities of individuals and organizations. The nature of cyberspace lends itself favorably to criminals for several reasons.

One, the entry barrier is low. For as little as $10 someone can buy simple attacks off the dark web, with even sophisticated ones costing only a few hundred dollars (so-called “cybercrime-as-a-service”).

Two, the risk of prosecution is relatively low. Unlike with physical crime, where the victim and the perpetrator are in the same jurisdiction, in cybercrime a criminal based in one country can launch an attack on an organization in another, with the proceeds being transferred to a third country. This makes prosecution difficult (and, by the way, makes it all the more important that collaboration is tightened between the private sector and law enforcement agencies everywhere).

Three, the rewards are attractive. According to Sophos, an IT security company, the average ransom payment for organizations hit by ransomware is almost $234,000, which can be paid using hard-to-trace cryptocurrency.