A surge in the global digital economy during the Covid-19 crisis has led to an alarming rise in cybercrime, which business leaders are failing to address effectively.
The World Economic Forum’s (WEF) Global Cybersecurity Outlook 2022 found ransomware attacks rose 151% in 2021. There were on average 270 cyberattacks per organisation during 2021, a 31% increase from 2020, with each security breach costing businesses about $3.6m. Aside from the financial cost, a public breach has seen the average share price of a hacked company underperform in the Nasdaq by -3%, even six months after the event.
Analyst GlobalData predicts the cybersecurity industry will be worth $238bn by 2030, up from $115bn in 2020. Though cyber risk has become a boardroom discussion, many companies are still lacking a proactive approach. The analyst predicts the number and severity of cybersecurity attacks will continue to rise as new technologies connect more networks.
Indeed, the WEF’s cybersecurity report revealed a critical perception gap between business executives (chief executive officers) and front-line cybersecurity professionals who say cybersecurity is not being prioritised in business decisions. While 92% of business executives surveyed by the WEF agreed that cyber resilience is integrated into enterprise risk management strategies, only 55% of security-focused leaders surveyed agreed with the statement.
Prioritising cybersecurity in every business decision is key to building the cyber resilience of an organisation, according to WEF cyber strategy lead Algirde Pipikaite. Many security leaders still say they are not consulted in business decisions, which results in security issues. This gap between leaders can leave companies vulnerable to attacks as a direct result of incongruous security priorities and policies.
Perhaps unsurprisingly, the ICT and financial sectors are leading the way on cybersecurity, Pipikaite told Investment Monitor. However, areas including healthcare, energy and water systems are lagging, mainly due to lack of resources and cybersecurity skills. The WEF’s survey found that 59% of all respondents would find it challenging to respond to a cybersecurity incident due to the shortage of skills within their team. While the majority of respondents ranked talent recruitment and retention as their most challenging aspect, business executives appear less acutely aware of the gaps than their security-focused executives, who perceive their ability to respond to an attack with adequate personnel as a growing threat.
This lack of resources and a cybersecurity skills base makes small and medium-sized enterprises (SMEs) a key threat to supply chains, partner networks and ecosystems. The WEF’s research found 88% of respondents are concerned about cyber resilience of SMEs in their ecosystem.
On a larger scale, partnerships and communication between businesses and governments are essential, according to Pipikaite. “While we are developing our defences, and really upping our game, attackers are actually also upping their game,” she said. Automation, AI and the scanning of networks is much more effective than ever before thanks to 5G and can only be met head on with a coordinated approach. The problem is not one of technology, however. “We are lagging behind in sharing information in law enforcement agency interactions to actually go after cybercriminals,” said Pipikaite, who added that cybercriminals are successfully communicating and sharing information with one another on the Dark Web.
With increased investment in the global digital economy comes a parallel surge of foreign direct investment (FDI) into cybersecurity. For example, the UK’s Department for Digital, Culture, Media & Sport released its annual analysis of the UK cyber sector in February 2021, which revealed a record year for investment. The sector contributed more than £4bn ($5.4bn) to the economy and attracted £821m of investment.