Failing to increase cyber-security measures in companies across the world could cost the global economy up to $3tr, a World Economic Forum report warned, and is urging firms to sign up to a new “framework” to prevent cyber-attacks.
The framework, called “cyber value-at-risk”, was introduced at the World Economic Forum Annual Meeting in Davos and proposed a new way for companies to assess the impact of cyber-attacks.
“Continuous cyber-attacks on global organisations are showing that we are at a crossroads,” said Alan Marcus, senior director of information and communication at WEF.
According to new figures, around 90 per cent of the companies worldwide lack the knowledge or technological capabilities to protect themselves against cyber threats.
In order to measure the immediate impact in the event of an attack, the framework includes three main components: the assets under threat, profile of the attacker and their motivation and information about existing vulnerabilities and defences within the company.
“We need to be able to quantify cyber risks if proper cyber-resilience assurance is to be achieved,” said Jacques Buith, managing partner at Deloitte Risk Service.
“Only then will management boards be able to take sound risk/reward decisions in this volatile world and thus secure their organisations’ cyber resilience,” Buith added.
More than that, unless defender capacities outrun attacker sophistication, it could slow down innovation worth $3tr in value for the global economy, the paper revealed.
“There needs to be a fundamental change in the way we protect ourselves from cyber-attacks. Check-the-box compliance-based approaches simply don’t work anymore,” said James Kaplan, a partner at McKinsey & Company, who took part in the research.
According to the 2015 edition of the Global Risk report, cyber-attacks remain among the most likely high-impact risk. The report warns about the challenges that cyber-security poses, including the sophistication of cyber-attacks and the “rise of hyperconnectivity”.
The increasing popularity of the Internet of Things (IoT) network and the boom of smart gadgets put more sensitive personal data at risk, according to the report, including health and finance information.