Today and for the foreseeable future, cyberattacks represent one of the greatest threats to business, government, and our daily lives. Whenever a technological innovation redefines what is possible, it simultaneously, and often inadvertently, creates new vulnerabilities that open doors for malicious behavior. Given the importance of digital technology in our lives, technological advances will only continue to heighten cyber-risk challenges.
The danger is present and very real. More than four billion records were compromised in the first six months of 2019, according to Risk Based Security’s “Data Breach Report.” Cyber ignores boundaries and often moral norms. Consider: “About one out of four youth in the United States will likely experience identity theft or fraud before they reach the age of 18, according to a major consumer-credit reporting company. The BBC reports that more than 14,000 people diagnosed with HIV in Singapore have had their personal information revealed. All the while, tampering continues with critical control systems, electoral processes, and autonomous machines.
The future of cyber risks is even more difficult to predict than the future of technology. But one thing is certain: cyber risk is growing and accelerating to an unprecedented degree. Left unchecked, the growth in cyberattacks will become exponential. As organizations and individuals increasingly rely on new, advanced, interconnected, and intelligent technologies, the opportunities for cyberattacks expand dramatically. Organizations can no longer look to address these growing cyber-related dangers alone.
The Oliver Wyman Forum is dedicated to working with leaders across public policy, academia, research, and businesses globally to create new insights and effective proposals to tackle the most challenging risks in our time and for future generations. Recognizing the growing threats and risks associated with cyber, new coalitions, partnerships, and collaborative arrangements need to be established across nations, industries, and communities. Collective cyber-resilient designs, defenses, effective response strategies, drills, and exercises will be required to tackle increasingly pervasive and pernicious challenges. These will need to be supported by new standards and regulations, and legions of cyber experts.
The Oliver Wyman Forum is committed to examining cyber challenges and formulating proposals for effective solutions. We are exploring existing best practices and approaches that are envisioned, or on the cusp of being deployed. The principal themes, which make up our strategic, forward-looking agenda, include:
- Increasing interconnectedness and technological interdependency. The high concentration of advanced technology-service providers, expanding supply-chain networks, and the drive toward seamless integration of data-rich technologies, is creating unprecedented cyber risks by enabling people to access more services, in more ways and more often.
- The need for greater cybersecurity awareness and enhanced cyber literacy. Humans are the weakest link for cyberattacks. Lack of cyber literacy or awareness accounts for an estimated 80 percent of the data breaches in which people unintentionally enabled cybercriminals to infiltrate systems, according to the IT Governance blog. Typically, people have insufficient recognition and comprehension regarding the cyber risks they face and how to protect themselves against them.
- Government and public-sector cyber responsibilities. Today, 58 percent of national governments across the planet have a cyber strategy, according to the ITU’s 2018 Global Cybersecurity Index. Yet, nation-state sponsored cyberattacks and insidious preparations for cyber warfare continue to intensify. There is a greater need than ever for robust and comprehensive sovereign cyber-resilience strategies across all aspects and sizes of commerce, and all strata of society for each and every nation.
- The deepening cyber-resilience divide. The gap is widening between companies that have the resources, talent, and funding to build, deploy, and maintain sufficient cyber-defense capabilities, and those that cannot. More businesses are going out of business because of cyberattacks. Given independencies across supply chains and ecosystems, which encompass entities of all shapes and sizes, and our moral obligation to defend smaller organizations, much more needs to be done to avoid leaving certain populations and entities behind when it comes to cyber resilience.
- The chronic global shortage of cyber experts. Without investment and attention, today’s estimated global shortage of nearly 3 million cybersecurity professionals could continue, according to the (ISC)² Cybersecurity Workforce Study.
Please join us in our collective effort to more deeply understand and to tackle these challenges.
Paul Mee, Partner, Oliver Wyman
Rico Brandenburg, Partner, Oliver Wyman