In a matter of weeks, the pandemic forced the global economy and society, organizations, and individuals to become more reliant than ever on the internet and the digital economy. According to the Forum’s COVID-19 Risks Outlook: A Preliminary Mapping and its Implications, cyberattacks, and data fraud are considered the most likely technological risks of COVID-19 for the world, and the third of greatest concern overall owing to abrupt adoption of new working patterns.
To support business leaders responsible for reinforcing the cyber resilience of their organizations in an unforeseen, instantaneous new reality, the World Economic Forum today launched The Cybersecurity Leadership Principles: Lessons learned during the COVID-19 pandemic to prepare for the new normal.
All leaders and organizations are pressured to adapt business models faster than anyone was prepared for, to ensure existential survival. The principles provide a framework for responsible decision-making and action in this crucial period to help organizations balance short-term goals with medium- to longer-term imperatives.
To bolster cyber resilience and secure operations, they urge leaders to:
- Foster a culture of cyber resilience
- Focus on protecting the organization’s critical assets and services
- Balance risk-informed decisions during the crisis and beyond
- Update and practice response and business continuity plans as the business transitions to the “new normal”
- Strengthen ecosystem-wide collaboration.
“Due to COVID-19, businesses must accelerate their digital transformation to harness the benefits while striking a balance between agility, scalability, efficiency, profitability, and cybersecurity,” said Georges De Moura, Head of Industry Solutions, Centre for Cybersecurity, World Economic Forum. “The confluence of these disruptive forces is impacting critical functions and industry ecosystems globally.”
“This crisis has prompted a step-change in our reliance on digital channels. We are managing the associated risk by following appropriate principles, including fostering a greater culture of cyber resilience and strengthening collaboration with external stakeholders”, said Sandro Bucchianeri, Group Chief Security Officer, Absa Group.
“The principles highlighted in this report will help businesses take an overall approach that combines cybersecurity with system engineering and operations to prepare for and adapt to changing conditions, and to withstand and recover rapidly from disruptions caused by cyberattacks and crisis scenarios,” said Mark Hugues, Senior Vice President Security, DXC Technology.
Known before the pandemic, the relevance and benefit of the principles and imperatives are underscored by the new reality, its pace, and scale. COVID-19 is confronting every organization with the limits of its ability to learn and change in an environment where speed is everything and where delaying key decisions can have a dramatic impact on business operations.
With the instantaneous shift to the digital realm, cyber resilience and cybersecurity are no longer theoretical nice-to-haves: companies – and countries – have become painfully conscious of the fragility of the critical systems upon which they vitally depend and that must be secure and resilient.
“In the urgent management of near-term challenges, responsible business leaders must incorporate cyber resilience in the business operating model and invest in capabilities to anticipate, withstand, recover from and adapt to adverse conditions and cyberattacks, to position the business for its success beyond the pandemic conditions,” De Moura said.
According to the report, this approach and the rigorous application of the principles will help organizations earn the trust of employees, customers, and business partners, and help to successfully adapt in an increasingly ambiguous and fast-moving world.