A missing piece of the cyber picture: Economic incentives to be good at it
Summary
In the lead-up to its Annual Meeting, a World Economic Forum (WEF) note outlines in some detail the steps that boards and C-suites should take to better tackle cybersecurity risk—a top-five risk in its 2020 Global Risks Report. The report asks: beyond the rising damage caused by cyber breaches, what incentives for investment and improved approaches exist? Though an increasing number of market players, such as insurers and ratings firms, are entering the fray, “coherence, however, is still missing,” according to WEF.
In WEF’s view, “Trusted and verified cybersecurity ratings are needed to improve assessment and comparability across peers. This not only helps to evaluate organizations’ resilience, but could increasingly guide consumer, citizen, and investor decisions.”
Report
Analysis
For five years running, WEF’s Global Risks Report has listed cyber in the top five of all global risks. It rightly defines cyber as a systemic risk and issues a call to action for boards and C-suites, which are fundamental to improving cyber governance. As attention from market participants grows alongside the economic losses, the absence of ‘trusted and verified cyber ratings that improve assessment and enable peer comps’ has held back our ability to tackle cyber with both market solutions and policy/regulation (where Europe continues to lead the way).
In our view, history tells us that corporate behavior will change and governance will improve, including on privacy issues, when we find the right mix of regulation and economic solutions. The right policies and market incentives for good cyber governance can help more companies stem the losses and better manage the downsides of digital transformation. Trusted and verified ratings are an important part of the solution.