As challenges within the digital landscape continue to evolve,
the World Economic Forum’s report on the Global Cybersecurity Outlook in 2023 noted that the vast majority of cyber (96%) and business (86%) leaders think it “moderately” or “very” likely that global geopolitical instability will lead to a far-reaching, catastrophic cyber event in the next two years.
The World Economic Forum states that sustained multistakeholder collaboration between organizations and society is needed to ensure our shared resilience. Cyber leaders and executives must co-develop strategic foresight that steers effective decision-making to manage cyber threats.
Resilience believes we must work as a global team to disincentivize incidents by reducing threat actors’ likelihood of success through a Cyber Resilience approach. Through this approach, Resilience has helped our client base reduce financial loss and become more resilient against threats like ransomware, with just 15% of impacted clients choosing to make an extortion payment in the first half of 2023, compared to the 39.5% average reported by Resilience’s Incident Response partner Coveware over the same time period.
With the World Economic Forum’s recent focus on fighting cybercrime, we hope to see a Cyber Resilience approach become a key component in the global cybercrime strategy.
97% of cyber-attacks are motivated by financial gain.
Losses from cybercrime are predicted to eclipse $10.5 trillion by 2025. This will significantly outpace both the investment in cybersecurity ($1.75t by 2025) and the capacity coverage from cyber insurance available ($900B Limits by 2025).
Verizon’s recent Data Breach Investigations Report concluded that 97% of cyber-attacks are motivated by financial gain. Therefore, making incidents less lucrative for threat actors could help stop cybercrime at the source.
Threat actors have a lot to gain and very little to lose when conducting a cyberattack. According to the Third Way Think Tank, approximately 0.3% of reported cybercrime complaints are enforced and prosecuted, or only 3 out of 1,000 incidents. Considering the incredibly low likelihood of being charged and the high likelihood of financial gain, cybercriminals feel empowered to rely on tactics like ransom as a consistent source of income.
The free enterprise system of the global cybercrime industry is contingent on the idea that some or most victims will make a payment. Consider, for example, bank robbery, which reached its peak in the 1990s. Infamous robber Willie Sutton was quoted saying he robs banks because “that’s where the money is.” As forces such as inflation and stronger security measures came into play, bank robberies became far less lucrative and now occur less frequently than they have in over half a century. As bank robbery became less financially rewarding, the rate of occurrence decreased in tandem.
Now, within the digital realm, we need to instigate a similar shift: creating new and more stringent security barriers and reducing financial gain for threat actors will be imperative in stopping cybercrime at the source. Luckily, this objective mirrors the goal of Cyber Resilience: reducing financial loss to organizations.
By reducing losses to impacted organizations, we simultaneously reduce the profitability of the incident.
Focusing on reducing loss to reduce profitability could be incredibly effective if widely implemented and closely adopted. By making cyber incidents more challenging to conduct and less financially rewarding as a global unit, we can effectively make cybercrime less worthwhile for threat actors. But how do we reduce profitability, or how do we reduce financial losses?
To build effective defenses against plausible losses, organizations must first identify what they stand to lose– or their value at risk. From there, they must prioritize mitigating this risk through cybersecurity and transferring risk off their balance sheet via insurance. That’s how organizations can begin to answer the question, “Are we cyber resilient against material losses?”
Rather than simply asking, “Are we secure,” this question considers both the technical and financial aspects of managing cyber risk. Integrating the silos of security, finance, and risk using dollars and cents leads business leaders to prioritize strategies based on what’s right for the business, which fosters efficiency and effectiveness.
Organizations must develop Cyber Resilience strategies
The World Economic Forum’s global cybercrime initiative is to help cyber leaders and executives co-develop strategic foresight that steers effective decision-making to stay ahead of cyber threats on the horizon.
As a part of this initiative, Resilience CEO and Co-Founder Vishaal “V8” Hariprasad participated in the World Economic Forum’s Annual Meeting on Cybersecurity in Geneva, Switzerland, this week. Hariprasad discussed the trends that are shaping the future of risk in cybersecurity – including how AI can be leveraged by malicious actors to increase their cyber social engineering capabilities – and the strategies, tactics, and operations needed to improve resilience at a global scale amidst a rapidly developing threat landscape.
“The threat posed by cybercrime has reached systemic levels,” said Hariprasad. “It is no longer practical – or even possible – to defend against all possible threats. Instead, the future of cybersecurity will be defined by understanding cybercriminal business models, quantifying digital risk, and taking data-backed steps to minimize the risk of financial loss. It’s an approach we have built our company on here at Resilience, and it was a privilege to share that philosophy with public and private sector leaders from around the world.”
This is Hariprasad’s third appearance as a speaker at a World Economic Forum event. Earlier this year, he participated in a discussion on building cyber resilience in the face of ransomware attacks, and in November of 2022, he led an educational session on staying ahead of cyber criminal actors despite increasingly advanced and malicious tactics.
Learn more about Resilience and our comprehensive cyber risk solution at www.cyberresilience.com.