January 20, 2014 - Failing to improve cyber security could cost the world economy and lead to more frequent cyberattacks, according to a new report released today by the World Economic Forum in collaboration with McKinsey & Company.
The Risk and Responsibility in a Hyperconnected World report addresses options that institutions can take to improve cyber resilience and mitigate the economic and strategic impact of such attacks. With the recent proliferation of cyberattacks, corporate executives need to devote increasing attention to protecting information assets and on-line operations.
The report notes that major technology trends, including massive analytics, cloud computing and big data, could create between US$ 9.6 trillion and $US 21.6 trillion in value for the global economy. However, if attacker sophistication outpaces defender capabilities - resulting in more destructive attacks - a wave of new regulations and corporate policies could slow innovation, with an aggregate impact of approximately US$ 3 trillion by 2020.
"Developing resilience to cyber risks in our economic and social systems is not a question of simply building walls for security," said Alan Marcus, Senior Director and Head of Information Technology and Telecommunications Industries at the World Economic Forum USA. "There are trade-offs to be made with other goals we wish to value, such as privacy, growth, innovation, and the free flow of goods and data. But to make good decisions, we need better data."
To protect against the strategic and economic effects of such costly attacks, the report outlines ways to build awareness, understanding and action with top public and private sector leaders. It also assesses the economic impact of concerns around cyber risks and proposes a global framework aimed at coordinating collaboration and provides a capabilities based-roadmap for businesses and governments.
"There needs to be a fundamental change in the way we protect ourselves from cyber attacks. Check-the-box compliance-based approaches simply don't work anymore," said James Kaplan, a Partner at McKinsey & Company. "Companies and public institutions need to build cybersecurity capabilities that are scalable, deeply integrated into the broader IT environment and focused on addressing the more important business risks."
The report draws on knowledge and opinions derived from a series of workshops and interviews from over 300 top global executives, government, civil society and experts from different sectors. It also includes additional survey data on cyber resilience capabilities, and provides a roadmap for collaborative action with which participants can gauge their current level of cyber risk capability and improve their readiness.
The World Economic Forum's Risk and Responsibility in a Hyperconnected World project is a global, multi-industry, multistakeholder endeavour to improve cyber resilience, raise business standards and contribute to a safer and stronger connected society. A series of workshops have advanced the discussion to produce valuable guidelines and best practice principles for senior leaders entitled the Principles and Guidelines for Cyber Resilience. Today, the partnership comprises more than 100 signatories.