Cyber Disaster 2023?: Expert Report Raises Cyber Concerns

Are we seconds from disaster? Some experts warn it's likely within the next two years.

Cyber Disaster 2023?: Expert Report Raises Cyber Concerns

The year 2022 posed significant challenges for business security due to the conflict between Russia and Ukraine, which encouraged cyber criminals, and the growth of ransomware-as-a-service. Sadly, the World Economic Forum (WEF) and Accenture's Global Cyber Security Outlook 2023 foresees that the danger could escalate.

According to the research, a significant majority of business and cyber leaders, 86% and 93% respectively, hold the view that global political instability is likely to result in a devastating cyber incident within the next two years.

Furthermore, the study indicates that geopolitical turmoil is compelling organizations to reassess their investments, with 49% of both business and cyber leaders reporting that they would re-evaluate the nations in which their organization operates in response to political risks.

The study does however uncover a heartening discovery: organizations that incorporate cyber risk into their decision-making process exhibit higher levels of confidence in their cyber resilience and are more equipped to successfully rebound from cyberattacks.

As Geopolitical Conflicts Increase, Opportunities For Global Discussions Arise

Although these predictions are surrounded by uncertainty, there have been several widely publicized breaches in recent years that have garnered enough attention to be classified as catastrophic.  System breaches, infrastructure attacks, and data loss are all looming threats, tested and dealt with on a daily basis.  

As the conflict between Russia and Ukraine persists, the report highlights that geopolitical risk serves as a starting point for a broader dialogue between security and business leaders on the evolution of cyber threats and the potential impact of risk on continuity planning for business.

Initiatives will involve adopting reactive strategies, educating employees on proper responses, developing recovery plans, preparing for supply chain disruptions, and seeking alternative providers who can offer essential services in the case of any interruptions.

The Growing Disparity Between Understanding and Action Regarding Cyber-risk.

Another crucial discovery found in the report highlights the existence of a discrepancy in many organizations between being aware of cyber threats and actually taking the required actions to reduce these risks.

As an example, despite 86% of business leaders anticipating a catastrophic cyber incident in the next two years and 43% believing that their organization will be impacted, only a mere 27% have confidence in their organization's "cyber resilience."

“This is like saying you are fairly certain water will flood your house and there will be significant damage, but you are pretty sure you are not prepared for it,” said Paolo Dal Cin global lead of Accenture Security.

Looking ahead, security leaders will need to integrate cyber risk management into top-level decision-making, in part through better strategies to improve communication with the board. One effective method to achieve this is by refining their ability to express risk in terms of business outcomes.

“Business leaders know they have to do more to embed cyber-risk into decision-making because cyber-resilience equals business resilience. It requires a closely coordinated team effort across the C-suite to gain a clearer view of current and emerging risks so security can be embedded across all the strategic business priorities and protect the digital code,” Dal Cin said.

Re-Educating The Cyber Skills Gap, Training For A New Era Of Safety And Security.

Finally, the report does offer a few solutions for addressing the cyber skills gap in organizations. This ultimately involves optimizing the use of both generalists and specialists to ensure a secure and reliable environment.

As we’ve come to realize, the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided.” - Art Wittmann

The report advises organizations to shift their focus from competing for a limited pool of highly sought-after, highly skilled cybersecurity professionals, to expanding the pool of cybersecurity talent. This can be achieved by "widening the perspective on who can pursue a career in cybersecurity."  This entails empowering and educating individuals with non-technical backgrounds, and those from underrepresented groups, providing them with opportunities for retraining through on-the-job learning, continued education, and apprenticeships.

source: The World Economic Forum's Global Cybersecurity Outlook 2023

What are your thoughts? Are we truly seconds from disaster?  Join the conversation, and become a community member today.