Barriers to better cyber information sharing similar to those for company transparency and disclosure–both need to be overcome


A recently released World Economic Forum (WEF) report on cyber information sharing calls attention to how “The COVID‑19 pandemic has led to rapid digital transformation in many workforces and sectors, further increasing the dependency of our global economy on digital infrastructure.”

According to WEF: “Trusted, secure and scalable cyber information sharing needs to be a foundational platform on which all participants of the digital ecosystem can rely.”



WEF is right to call for a need for more collective action across the private sector and between the private and public sectors around information sharing. It also points correctly to two key challenges:

  1. Lack of clear incentives: Without tangible short‐term incentives in place organizations are not likely to prioritize cybersecurity information sharing.
  2. Insufficient and fragmented public policy: GDPR has been a step forward but it alone is not enough, and the US has not followed in the footsteps of the EU yet.

There should be market-based incentives to be ‘good’ at cyber and to also disclose cyber performance against standard reporting metrics like those that exist for all other major business risks. We are working on the incentives piece by demonstrating through the cyber governance indices that markets reward good performance and punish bad performance.

In the report, WEF rightly calls cyber “one of the most systemically important issues facing the world today”. Yet the transparency and disclosure around the risks are woefully inadequate.

Earlier this year, Paul Rosenzweig of the R Street Institute called in Lawfare for cyber metrics that are "transparent, auditable, practical, scalable and widely agreed upon. This is now possible. The US Cyber Solarium Commission has put forward recommendations for disclosure in the US, and the SEC has issued guidance that represents steps in the right direction. But follow-through and more decisive action is needed from policymakers and regulators alike.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website