Threatonomics

Resilience at the World Economic Forum

Sharing Our Perspective

by Davis Hake , Co-Founder & VP of Communications
Published

As challenges within the digital landscape continue to evolve,

the World Economic Forum’s report on the Global Cybersecurity Outlook in 2023 noted that the vast majority of cyber (96%) and business (86%) leaders think it “moderately” or “very” likely that global geopolitical instability will lead to a far-reaching, catastrophic cyber event in the next two years.

The World Economic Forum states that sustained multistakeholder collaboration between organizations and society is needed to ensure our shared resilience. Cyber leaders and executives must co-develop strategic foresight that steers effective decision-making to manage cyber threats.

Resilience believes we must work as a global team to disincentivize incidents by reducing threat actors’ likelihood of success through a Cyber Resilience approach. Through this approach, Resilience has helped our client base reduce financial loss and become more resilient against threats like ransomware, with just 15% of impacted clients choosing to make an extortion payment in the first half of 2023, compared to the 39.5% average reported by Resilience’s Incident Response partner Coveware over the same time period. 

With the World Economic Forum’s recent focus on fighting cybercrime, we hope to see a Cyber Resilience approach become a key component in the global cybercrime strategy. 

97% of cyber-attacks are motivated by financial gain. 

Losses from cybercrime are predicted to eclipse $10.5 trillion by 2025. This will significantly outpace both the investment in cybersecurity ($1.75t by 2025) and the capacity coverage from cyber insurance available ($900B Limits by 2025). 

Verizon’s recent Data Breach Investigations Report concluded that 97% of cyber-attacks are motivated by financial gain. Therefore, making incidents less lucrative for threat actors could help stop cybercrime at the source. 

Threat actors have a lot to gain and very little to lose when conducting a cyberattack. According to the Third Way Think Tank, approximately 0.3% of reported cybercrime complaints are enforced and prosecuted, or only 3 out of 1,000 incidents. Considering the incredibly low likelihood of being charged and the high likelihood of financial gain, cybercriminals feel empowered to rely on tactics like ransom as a consistent source of income. 

The free enterprise system of the global cybercrime industry is contingent on the idea that some or most victims will make a payment. Consider, for example, bank robbery, which reached its peak in the 1990s. Infamous robber Willie Sutton was quoted saying he robs banks because “that’s where the money is.” As forces such as inflation and stronger security measures came into play, bank robberies became far less lucrative and now occur less frequently than they have in over half a century. As bank robbery became less financially rewarding, the rate of occurrence decreased in tandem. 

Now, within the digital realm, we need to instigate a similar shift: creating new and more stringent security barriers and reducing financial gain for threat actors will be imperative in stopping cybercrime at the source. Luckily, this objective mirrors the goal of Cyber Resilience: reducing financial loss to organizations. 

By reducing losses to impacted organizations, we simultaneously reduce the profitability of the incident. 

Focusing on reducing loss to reduce profitability could be incredibly effective if widely implemented and closely adopted. By making cyber incidents more challenging to conduct and less financially rewarding as a global unit, we can effectively make cybercrime less worthwhile for threat actors. But how do we reduce profitability, or how do we reduce financial losses? 

To build effective defenses against plausible losses, organizations must first identify what they stand to lose– or their value at risk. From there, they must prioritize mitigating this risk through cybersecurity and transferring risk off their balance sheet via insurance. That’s how organizations can begin to answer the question, “Are we cyber resilient against material losses?

Rather than simply asking, “Are we secure,” this question considers both the technical and financial aspects of managing cyber risk. Integrating the silos of security, finance, and risk using dollars and cents leads business leaders to prioritize strategies based on what’s right for the business, which fosters efficiency and effectiveness. 

Organizations must develop Cyber Resilience strategies

The World Economic Forum’s global cybercrime initiative is to help cyber leaders and executives co-develop strategic foresight that steers effective decision-making to stay ahead of cyber threats on the horizon.

As a part of this initiative, Resilience CEO and Co-Founder Vishaal “V8” Hariprasad participated in the World Economic Forum’s Annual Meeting on Cybersecurity in Geneva, Switzerland, this week. Hariprasad discussed the trends that are shaping the future of risk in cybersecurity – including how AI can be leveraged by malicious actors to increase their cyber social engineering capabilities – and the strategies, tactics, and operations needed to improve resilience at a global scale amidst a rapidly developing threat landscape.

“The threat posed by cybercrime has reached systemic levels,” said Hariprasad. “It is no longer practical – or even possible – to defend against all possible threats. Instead, the future of cybersecurity will be defined by understanding cybercriminal business models, quantifying digital risk, and taking data-backed steps to minimize the risk of financial loss. It’s an approach we have built our company on here at Resilience, and it was a privilege to share that philosophy with public and private sector leaders from around the world.”

This is Hariprasad’s third appearance as a speaker at a World Economic Forum event. Earlier this year, he participated in a discussion on building cyber resilience in the face of ransomware attacks, and in November of 2022, he led an educational session on staying ahead of cyber criminal actors despite increasingly advanced and malicious tactics.

Learn more about Resilience and our comprehensive cyber risk solution at www.cyberresilience.com

About the Author
Davis Hake , Co-Founder & VP of Communications

Davis Hake is the Co-Founder and Vice President of Communications and Policy at Resilience Insurance. Prior to starting at Resilience in 2016, Hake managed cybersecurity strategy for Palo Alto Networks, served on the National Security Council, The White House, and was a lead author of cybersecurity legislation in the U.S. Congress. Hake is also currently an Adjunct Professor of Cyber Risk Management at the University of California, Berkeley and a Term Member of the Council on Foreign Relations.

You might also like

Resilience Threat Researchers Identify New Campaigns from Scattered Spider

Following their attacks on MGM and Caesars’ casinos, threat actor group Scattered Spider is believed to be behind attacks on multiple companies in the finance and insurance industries. Using convincing lookalike domains and login pages as well as efficiently timed attacks, the group is aggressively targeting a wider array of companies. We have also observed […]

Breach and Attack Simulations: A Proactive Approach to Loss Prevention 

Today’s CISOs and risk managers need to see around corners to proactively reduce risks before they turn into losses. Increasingly, CISOs also answer directly to the board of directors. No matter how tight you think your controls are or how big your budget is, I promise you things are happening in your environment that you […]

Seven Essential Steps to Vulnerability Management: Learnings from the Ivanti Exposures  

In light of the most recent Ivanti vulnerability, the importance of a robust vulnerability management strategy and incident response plan has never been clearer.  The Ivanti vulnerabilities, particularly CVE-2024-22024, unveiled on February 8th, 2024, serve as a stark reminder of the relentless nature of cyber threats. These vulnerabilities, which allow unauthenticated, remote attackers to access […]

Five Predictions on the State of Cyber Claims in 2024

Unravel the complexities of cyber risk with the 2023 Mid-Year Claims Report by Resilience. Dive into our analysis and predictions for the cyber insurance industry in 2024, including the pivotal role of AI and regulatory changes.

Knowing Your Risk Surface: A Risk-Focused Approach to Incident Response

After decades of more damaging and less predictable cyber attacks, modern cybersecurity practitioners have recognized the critical need to incorporate more risk-based approaches to their planning efforts. However, despite the continuing advances within the cybersecurity field, analytics firms are noting record years for cybercriminals and breaches against some of the most well-defended organizations in the […]