Cyber resilience and cyber risk management are critical challenges for most organizations today. Leaders increasingly recognize that the profound reputational and existential nature of these risks mean that responsibility for managing them sits at the board and top level executive teams.
Many organizations, however, do not feel that they are equipped with the tools to manage cyber risks with the same level of confidence that they manage other risks. Emerging leading practices have not yet become part of the standard set of board competencies.
Beyond individual organizations, cyber risk is a systemic challenge and cyber resilience a public good. Every organization acts as a steward of information they manage on behalf of others. And every organization contributes to the resilience of not just their immediate customers, partners and suppliers but also the overall shared digital environment.
Furthermore, continued technological adoption creates an urgency that cannot be ignored. In the coming years, several billions of everyday devices will be connected. As our virtual and physical worlds merge, the stakes are increased. This will require two things: 1) a significantly increased number of organizations adopting, sharing and iterating current leading practices; and 2) cross-sectoral collaboration to develop the new practices that will be required to deal with the unique attributes of managing cyber risks of physical assets. The second will be difficult without an informed body of leaders leveraging common tools and language.
For these reason, as part of the World Economic Forum’s System Initiative on the Digital Economy and Society, the Forum has partnered with The Boston Consulting Group and Hewlett Packard Enterprise to develop an important new resource, Advancing Cyber Resilience: Principles and Tools for Boards. This report, which is the product of an extensive process of co-collaboration and consultation, has distilled leading practice into a framework and set of tools that boards of directors can use to smoothly integrate cyber risk and resilience into business strategy so that their companies can innovate and grow securely and sustainably. The Forum would like to thank The Boston Consulting Group and Hewlett Packard Enterprise for their leadership, the Expert Working Group for their contributions and all of the board members, chairs and CEOs who helped shape and adjust our efforts as we went along. This was truly a community effort, and we remain in debt for the energy and commitment of each member.
We hope that you will join us in using these tools to help advance our shared cyber resilience.