Threatonomics

Resilience at the World Economic Forum

Sharing Our Perspective

by Davis Hake , Co-Founder & VP of Communications
Published

As challenges within the digital landscape continue to evolve,

the World Economic Forum’s report on the Global Cybersecurity Outlook in 2023 noted that the vast majority of cyber (96%) and business (86%) leaders think it “moderately” or “very” likely that global geopolitical instability will lead to a far-reaching, catastrophic cyber event in the next two years.

The World Economic Forum states that sustained multistakeholder collaboration between organizations and society is needed to ensure our shared resilience. Cyber leaders and executives must co-develop strategic foresight that steers effective decision-making to manage cyber threats.

Resilience believes we must work as a global team to disincentivize incidents by reducing threat actors’ likelihood of success through a Cyber Resilience approach. Through this approach, Resilience has helped our client base reduce financial loss and become more resilient against threats like ransomware, with just 15% of impacted clients choosing to make an extortion payment in the first half of 2023, compared to the 39.5% average reported by Resilience’s Incident Response partner Coveware over the same time period. 

With the World Economic Forum’s recent focus on fighting cybercrime, we hope to see a Cyber Resilience approach become a key component in the global cybercrime strategy. 

97% of cyber-attacks are motivated by financial gain. 

Losses from cybercrime are predicted to eclipse $10.5 trillion by 2025. This will significantly outpace both the investment in cybersecurity ($1.75t by 2025) and the capacity coverage from cyber insurance available ($900B Limits by 2025). 

Verizon’s recent Data Breach Investigations Report concluded that 97% of cyber-attacks are motivated by financial gain. Therefore, making incidents less lucrative for threat actors could help stop cybercrime at the source. 

Threat actors have a lot to gain and very little to lose when conducting a cyberattack. According to the Third Way Think Tank, approximately 0.3% of reported cybercrime complaints are enforced and prosecuted, or only 3 out of 1,000 incidents. Considering the incredibly low likelihood of being charged and the high likelihood of financial gain, cybercriminals feel empowered to rely on tactics like ransom as a consistent source of income. 

The free enterprise system of the global cybercrime industry is contingent on the idea that some or most victims will make a payment. Consider, for example, bank robbery, which reached its peak in the 1990s. Infamous robber Willie Sutton was quoted saying he robs banks because “that’s where the money is.” As forces such as inflation and stronger security measures came into play, bank robberies became far less lucrative and now occur less frequently than they have in over half a century. As bank robbery became less financially rewarding, the rate of occurrence decreased in tandem. 

Now, within the digital realm, we need to instigate a similar shift: creating new and more stringent security barriers and reducing financial gain for threat actors will be imperative in stopping cybercrime at the source. Luckily, this objective mirrors the goal of Cyber Resilience: reducing financial loss to organizations. 

By reducing losses to impacted organizations, we simultaneously reduce the profitability of the incident. 

Focusing on reducing loss to reduce profitability could be incredibly effective if widely implemented and closely adopted. By making cyber incidents more challenging to conduct and less financially rewarding as a global unit, we can effectively make cybercrime less worthwhile for threat actors. But how do we reduce profitability, or how do we reduce financial losses? 

To build effective defenses against plausible losses, organizations must first identify what they stand to lose– or their value at risk. From there, they must prioritize mitigating this risk through cybersecurity and transferring risk off their balance sheet via insurance. That’s how organizations can begin to answer the question, “Are we cyber resilient against material losses?

Rather than simply asking, “Are we secure,” this question considers both the technical and financial aspects of managing cyber risk. Integrating the silos of security, finance, and risk using dollars and cents leads business leaders to prioritize strategies based on what’s right for the business, which fosters efficiency and effectiveness. 

Organizations must develop Cyber Resilience strategies

The World Economic Forum’s global cybercrime initiative is to help cyber leaders and executives co-develop strategic foresight that steers effective decision-making to stay ahead of cyber threats on the horizon.

As a part of this initiative, Resilience CEO and Co-Founder Vishaal “V8” Hariprasad participated in the World Economic Forum’s Annual Meeting on Cybersecurity in Geneva, Switzerland, this week. Hariprasad discussed the trends that are shaping the future of risk in cybersecurity – including how AI can be leveraged by malicious actors to increase their cyber social engineering capabilities – and the strategies, tactics, and operations needed to improve resilience at a global scale amidst a rapidly developing threat landscape.

“The threat posed by cybercrime has reached systemic levels,” said Hariprasad. “It is no longer practical – or even possible – to defend against all possible threats. Instead, the future of cybersecurity will be defined by understanding cybercriminal business models, quantifying digital risk, and taking data-backed steps to minimize the risk of financial loss. It’s an approach we have built our company on here at Resilience, and it was a privilege to share that philosophy with public and private sector leaders from around the world.”

This is Hariprasad’s third appearance as a speaker at a World Economic Forum event. Earlier this year, he participated in a discussion on building cyber resilience in the face of ransomware attacks, and in November of 2022, he led an educational session on staying ahead of cyber criminal actors despite increasingly advanced and malicious tactics.

Learn more about Resilience and our comprehensive cyber risk solution at www.cyberresilience.com

You might also like

Digital Risk: Enterprises Need More Than Cyber Insurance

What you need to know: Artificial Intelligence at the Heart of Cyber

As AI technologies become more embedded in cyber strategies, they enhance the capabilities of threat actors while also offering innovative defenses to organizations [1]. AI tools can amplify adversaries’ traditional Techniques, Tools, and Procedures (TTPs) by automating the generation of sophisticated threats such as polymorphic malware — which can dynamically alter its code to evade […]

Digital Risk: Enterprises Need More Than Cyber Insurance

Should you quit CrowdStrike?

The three weeks since the July 19 Crowdstrike outage now known as the ‘Channel File 291 Incident’ have likely been some of the longest ever for IT teams. Just like when Wannacry ricocheted around the world in 2017, people collectively freaked out when BSODs (blue screen of death) began showing up in airports, hospitals, and […]

third-party cyber risk management

Navigating Cyber Threats: The Role of Dark Web Intelligence in Protecting Your Business

The dark web, accessible only through specific software, stands out for its encryption and privacy, which unfortunately also makes it a hotspot for illegal activities such as data breaches and illicit trade. The anonymity it offers users is a double-edged sword, presenting challenges and opportunities in cybersecurity. For businesses, especially those operating in industries like […]