Unprecedented digitalization in our society has pushed many business leaders and executives to understand how they can adequately assess and govern cyber risk according to a new blog by World Economic Forum (WEF).
The new WEF blog says that governing cyber risk is a holistic process aiming to improve organizational cyber resilience. In this context, governments define cyber resilience obligations, designate critical infrastructure that requires mandatory protection and help investors better compare their companies’ cyber efforts.
Successfully managing cyber resilience is necessary as organizations and executives face fines and other serious consequences. Potential repercussions mean board members must understand cyber risks and the best ways to mitigate them.
This is easier said than done. The blog says 93% of companies are confident in their best practices mitigating cyber risks, while 57% expect to be hit by a cyber attack. Unfortunately, only half of these organizations have implemented suitable cyber measures.
In 2021, the WEF and its partners published the Principles for Board Governance of Cyber Risk (the Forum’s Cyber Risk Principles), critical to driving resilience across industries. These guidelines (initially developed for corporate boards of directors) are summarized in six principles:
Recognize that cyber security is a strategic business enabler.
Understand the economic drivers and impact of cyber risk.
Align cyber risk management with business needs.
Ensure organizational design supports cyber security.
Incorporate cyber security expertise into board governance.
Encourage systemic resilience and collaboration.
These principles represent a significantly different approach to resilience compared to how organizations delegate cyber security to IT, have a misplaced perception of the strategic nature of cyber risk and keep breaches under wrap.
“Adopting the Forum’s Cyber Risk Principles demonstrates that individual organizations can significantly improve their cyber resilience without raising costs,” the release said.