Speaking at the recent Nordic Data Privacy Arena in Stockholm, Cyberhedge Founder/CEO Ryan Dodd discussed how data privacy and cyber governance more broadly is fundamentally about money. As such, the challenges we (policymakers, regulators, companies, consumers) are wrestling with cannot be solved through regulation alone — they also require economic solutions.
Digitalization has been the largest contributor to global GDP growth over the past twenty years. It has transformed every industry sector while the top companies in the world are now technology companies. Traditional non-tech industry sectors are well regulated — everything from airworthiness standards in aviation to nutrition labeling for foods in consumer goods. Yet a company’s most valuable asset today — data — is not regulated.
Company’s love to espouse the awesome growth and cost savings benefits of digital transformation. But, what is often left out of the discussion is the fact that executives have often sacrificed security in the process.
In recent years, we have seen the rapid growth in C-suite and board recognition of cyber as a top business risk. It is now discussed in many board rooms, sometimes on a quarterly basis. But a few things are lacking. At a company level, there are no familiar financial metrics to understand, discuss and mitigate the risks — CISOs and the rest of the C-suite and board lack a common language they have for every other systemic businesses risk. Companies also lack economic incentives to improve cyber governance and how data is managed.
Consider the market incentives and entire industries that grew out from the last two major drivers of GDP growth in the past 40 years — globalization and securitization. History tells us that corporate behavior will change and governance will improve, including on privacy issues, when we find the right mix of regulation and economic solutions.