Traditional cyber security is outdated. The new approach to cyber security is based on cyber resilience.
The World Economic Forum (WEF) recently published a report emphasising the need for a paradigm shift in cyber security, moving the focus from protection alone to cyber resilience.
This approach aims to ensure that organisations can continue to operate effectively in the event of significant cyber incidents, thereby protecting their business and their customers.
Cyber resilience as a new standard
Historically, the focus of computer security has been on preventing attacks.
However, as threats evolve and digital systems become more complex, the WEF recommends making cyber resilience a strategic priority. This refers to an organisation’s capacity to swiftly adapt and recover from adverse events while minimising their operational and reputational impact.
The WEF emphasised the importance of shifting from a “security by design” to a “resilience by design” approach. This implies creating systems that are secure, flexible and adaptable, and capable of evolving in response to emerging threats.
The main emerging threats
The report highlights several emerging threats to cyber resilience.
- Expanding attack surface: The exponential growth in the number of connected devices increases the number of potential entry points for cyber threats.
- Generative artificial intelligence: Although it offers opportunities, it can also be used to create more sophisticated attacks, such as advanced phishing and deepfakes. According to the World Economic Forum (WEF), 56 per cent of leaders believe that generative AI gives attackers an advantage over defenders.
- Disinformation: Using AI to spread false information poses a significant threat to democratic processes and social stability.
- Vulnerability in the supply chain: 41% of organisations that have experienced a significant incident in the last 12 months attribute it to a third party. This highlights the need for more careful management of suppliers and partners.
- Regulatory challenges: Technological advances often outpace existing regulatory frameworks, creating governance gaps.
- Shortage of IT skills: 52 per cent of public organisations report difficulties in attracting and retaining IT security talent and experts. Only 15 per cent of these organisations expect an improvement in skills within the next two years.
Disparities between regions and sectors
The WEF also highlighted significant disparities between regions and sectors in the ability to respond to cyber attacks.
- Regional differences: In Africa and Latin America, for example, 36% and 42% of organisations respectively express low confidence in their country’s ability to respond to major cyber incidents. In Europe and North America, however, this percentage is much lower at 15%.
- Public vs. private sector: 38% of public sector organisations report insufficient resilience, compared to just 10% of medium and large private companies.
Key recommendations
The report highlights several recommendations to improve cyber resilience, including:
- Investment in research and development: Increased funding for quantum-resistant cryptography and AI-based cybersecurity tools.
- Cross-sector collaboration: Building stronger partnerships between the government, industry and academia to share knowledge and address cybersecurity challenges collectively.
- Regulatory adaptation: The development of flexible regulatory frameworks that strike a balance between innovation, safety and ethics when adopting emerging technologies.
- Planning for cyber resilience: The development of comprehensive incident response plans that consider emerging threats and ensure rapid recovery.
- Governance structures: The establishment of governance structures to guide the ethical and safe development of emerging technologies.
In conclusion, the WEF report emphasises the necessity of shifting the focus of cyber security management from protection to resilience. An integrated and collaborative approach involving all stakeholders in the digital landscape is essential to effectively address emerging challenges and ensure a secure and reliable digital future.