The World Economic Forum and its partners have developed a new way for organizations to calculate the impact of cyberthreats. The framework, called "cyber value-at-risk" comes at a time when cyberattacks are increasing in velocity and intensity, and when 90% of companies worldwide recognize they are insufficiently prepared to protect themselves against them.
"Continuous cyberattacks on global organizations are showing that we are at a crossroads," said Alan Marcus, Senior Director of the Information and Communication Technology Industries at the World Economic Forum. "The same technologies many organizations have become so dependent on can also threaten their very core. This is why we are launching a Future of the Internet initiative in Davos, including this critical cyber value-at-risk framework."
The proposed framework is part of a new report, Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, which was created in collaboration with Deloitte and with the input of 50 leading organizations from around the world. The report will be discussed at a session during the World Economic Forum Annual Meeting 2015.
The purpose of the cyber value-at-risk approach is to help organizations make better decisions about investments in cybersecurity, develop comprehensive risk management strategies, and help stimulate the development of global risk transfer markets. The framework helps organizations address questions such as how vulnerable they are to cyberthreats, how valuable the key assets at stake are, and who might be targeting them.
The framework requires organizations to understand key cyber-risks and the dependencies between them. It will also help them establish how much of their value they could protect if they were victims of a data breach and for how long they can ensure their cyber protection.
Jacques Buith, Managing Partner at Deloitte Risk Services, said: "We need to be able to quantify cyber-risks if proper cyber-resilience assurance is to be achieved. Only then will management boards be able to take sound risk/reward decisions in this volatile world and thus secure their organizations’ cyber-resilience. We are proud to have been given the opportunity to work alongside the World Economic Forum on a framework to quantify cyber-risks. The World Economic Forum’s network enables as many organizations as possible to use these insights to protect their organizations against cyberattacks and provide for a safer digital world."
According to Mark Rutte, the Prime Minister of the Netherlands "the internet has become a key strategic resource for citizens, companies and governments alike. In order to fully realize its enormous potential for growth and innovation, governments and the private sector need to work together to ensure it remains free, open and secure. The Netherlands is a leader in the field of internet access, use of email, social media and mobile data. At the Global Conference on Cyber Space on 16/17 April in The Hague, we will discuss the challenges ahead with all the major stakeholders, from the public and the private sector. Partnering for Cyber Resilience, which has a strong track record in strengthening resilience to cyberthreats, is among these partners."
TK Kurien, Chief Executive Officer of Wipro, said: "As part of the Partnering for Cyber Resilience initiative, we have been working together with members of the initiative to advance the cyber value-at-risk estimation. At Wipro, for example, we developed a model that has helped us build a more structured view of our risk profile and make more fact-based investments and policy decisions. We are also in active engagement with our customer boards and management to help them better appreciate risks and to transform their security profile. We hope this approach will serve other organizations as they develop their cyber-resilience strategies."