The great digital shift
The COVID-19 pandemic has underscored the importance of incentivizing cybersecurity in technological development. The security and privacy features in technology are more vital than ever as the majority of public and private communications and operations have shifted to the digital domain. Recent research shows that 93% of executives are willing to pay almost 25% more for more secure devices and technology.
The purpose of this insight report is to provide tools and guidance for entrepreneurs, innovators and investors to enable them to improve security features in new technologies and incorporate cybersecurity features from the get-go. We present here a number of essential cybersecurity requirements to be taken into account when developing new technology, innovation and new companies, to maximize their resilience.
Not so fast
Entrepreneurs have a twofold responsibility: to ensure that their companies and products are digitally secure and that they have a recovery plan ready to activate should hackers succeed. This is all the more important for small and medium-sized enterprises, to which a cybersecurity incident could be fatal or significantly diminish its valuation and attractiveness for investment.
Today there is aserious imbalance between the time to market and the time to security. Market forces pressure for shiny new products and tech gadgets or applications, they care little about the security embedded in a new technology. The current trend rewards entrepreneurs who develop new products as fast as possible and market them at the earliest availability, disregarding that this creates an enormous attack surface of ever newer products filled with vulnerabilities for cyber criminals to exploit. Were entrepreneurs and innovators encouraged and incentivized to prioritize security features in their product development from the very beginning, a much safer cyber space would be incrementally possible.
Consumer behaviour is changing and consumer concerns about privacy and security are growing, inevitably leading to changes in market forces. Clearly these changes must incite entrepreneurs to understand the importance of cybersecurity when launching new products, innovating and developing new entities. Investors, on the other hand, must have the tools they need to evaluate the state of cyber preparedness of their potential investments.
What is the World Economic Forum doing on cybersecurity
The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.
Our community has three key priorities:
Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.
Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.
Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.
Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.
The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.
For more information, please contact us.
In the building of innovative business models and technology solutions, cybersecurity is essential to protecting data, intellectual property, online transactions and ensuring user trust. Digital technologies are introducing new vulnerabilities faster than they can be secured and the prospect of curbing cyberattacks diminishes with each additional unsecured technology. Technologies are at increased risk because cyberattacks could cause more traditional, kinetic impacts as technology is being extended into the physical world, creating a cyber-physical system. Without security, anything connected to the internet, from a vehicle to a medical device, can be hacked, exploited and presents a threat to an organization.
We should not forget... that entrepreneurs are typically small and medium-sized enterprises (SME) and that SMEs represent about 90% of businesses and more than 50% of employment worldwide. Cyber-related incidents could have a dramatic impact on their survival.—Martina Cheung, President, S&P Global Market Intelligence
More businesses are understanding that cybersecurity is an enabler of the everyday operations and its significance will only increase in the future. In terms of successful business conditions, cybersecurity is a business management challenge that requires a strategic and unified approach across all business units to ensure its most effective implementation.
4 things to know about cybersecurity
1Cybersecurity is an enabler of the everyday operations of most businesses today and its significance will only increase in the future.
2It is vital for the founders of and investors in a new business to commit to cybersecurity if they are to succeed in building cyber capabilities and foster a cyber-focused environment.
3The successful future of our digital economies depends on integration of cyber essentials from the get-go of technological development.
4Cybersecurity must be an ongoing, dynamic process, requiring regular assessment of risk and consideration of what else might be needed to reduce risk to acceptable levels and according to evolving business needs and challenges.
Cyber essentials: how to build security into tech innovation
The cyber essentials developed by the World Economic Forum and its partners consist of core cybersecurity principles and requirements to be applied when developing new companies and innovation. They represent what the Forum’s Centre for Cybersecurity and its partners consider to be the most important requirements that, if implemented, will provide a robust cybersecurity framework encompassing organizational, product and infrastructure security.
The successful future of our digital economies depends on integration of cyber essentials from the very outset of technological development. Incorporating cyber essentials in business processes and corporate culture must be an continuous process, not a once-a-year audit or compliance effort. The commitment to prioritizing cybersecurity rather than considering it as an afterthought must be firmly rooted in and throughout the corporate culture, product and services development cycle. A detailed cybersecurity programme and strategy does not have an end goal, but rather must be adapted and adjusted on regular basis.
The cyber essentials proposed in this report were developed by a community of stakeholders involving executives from technology companies, investment firms, credit rating agencies, entrepreneurs, academics and public-policy experts. The proposed cyber essentials are:
- Organizational security:
- Product security:
Security by design
Privacy by design
- Infrastructure security:
Third party security
Readers of this report will find a detailed description of each cyber essential followed by practical steps for entrepreneurs on their implementation and guidance for investors on how to validate them. It is important to emphasize that cyber essentials need to be tailored to each organization, based on its size, nature and type of product.
A matter of survival
The technology is here to stay and flourish: there are no “digital rollback” plans. Consequently, entrepreneurs and innovators have a responsibility to respect technology as an essential component of daily life and consumers must demand security and safety standards as they do of other essential products and services.
Everyone needs to step up: users and consumers, governments and regulators, corporations and investors. The successful future of our digital economies depends on integration of cybersecurity principles like privacy and security by design from the get-go of technology development.—Bruce Schneier, Lecturer, Harvard Kennedy School of Government
The cyber essentials focus on improving the security baseline across technology innovation. Over time, implementing the fundamental security and privacy features in technology will reduce the frequency, scale and success of cyberattacks and breaches, resulting in substantially more robust cybersecurity across industries and geographies.
Incorporating cybersecurity in technology from the very start of its development is no longer an option; it underpins the survival and stability of our economic systems, the transparency, sustainability and trust in our communication tools. It is a matter of national and international security.