Global Cybersecurity Outlook 2023 Insight Report by WEF – World Economic Forum in collaboration with Accenture

Awareness and preparation will help organizations balance the value of new technology against the cyber risk that comes with it.

Geopolitical instability, rapidly maturing and emerging technologies, lack of available talent, and
increasing shareholder and regulatory expectations represent some of the significant challenges that
concern cyber and business leaders. If the findings of last year’s Global Cybersecurity Outlook reflected
the lingering impact of the pandemic, and the effects of rapid digitalization, this year’s Global
Cybersecurity Outlook reveals concerns about an increasingly fragmented and unpredictable world.
Building cyber resilience, globally, has been one of the key priorities of the World Economic Forum’s
Centre for Cybersecurity since its inception. Inherent in that work is bridge-building – between
the public and private sectors, and between cyber experts and business leaders. This year, when the
Centre engaged its network of global cyber and business leaders to solicit their insights on emerging
cyberthreats, we could see both how far we have come, and how far we have yet to go in helping

translate cyber-risk issues into communication that C-suites and boards of directors can use effectively.
The outlook, however, need not seem bleak. There’s hope for better understanding – and more
effective action – in the future. The best leaders avail themselves of wide-ranging information and
listen to all of their stakeholders, understand their role and impact, and exercise good judgement to
achieve the optimum outcomes. These attributes are no less necessary in cybersecurity than they
are in any other domain. In this edition of the Global Cybersecurity Outlook, we are pleased to
see improvement in a crucial area – awareness of cyber-risk issues, at the executive level, has
gone up. At the same time, this year’s Global Cybersecurity Outlook report represents a
challenge to leaders – to think more deeply about cybersecurity and listen more intently to cyber
experts, and to each other, in order to ensure our shared resilience.

Executive summary

Hearing is not the same as listening. This aptly characterizes the relationship between cyber and
business leaders in many organizations, according to research for the 2023 Global Cybersecurity
Outlook study. The significance of cyber risk has certainly been heard in C-suites and boardrooms.
Whether cyber leaders and business leaders understand each other well enough to meet this
challenge is, on the other hand, an open question.
Overall, the study indicates that business leaders are more aware of their organizations’ cyber issues than
they were a year ago. They are also more willing to address those risks. Nonetheless, cyber leaders still
struggle to clearly articulate the risk that cyber issues pose to their organizations in a language that their
business counterparts fully understand and can act upon. As a result, agreeing on how best to address
cyber risk remains a challenge for organizational leaders.
The 2023 Global Cybersecurity Outlook report presents the results from this year’s study of
cybersecurity and business leaders’ perspectives on leading cyber issues and examines how they affect
organizations around the world. Key findings include:
– The character of cyberthreats has changed.
Respondents now believe that cyberattackers are more likely to focus on business disruption
and reputational damage. These are the top two concerns among respondents.
– Global geopolitical instability has helped to close
the perception gap between business and cyber leaders’ views on the importance of cyber-risk
management, with 91% of all respondents believing that a far-reaching, catastrophic cyber event is at
least somewhat likely in the next two years.
– Following from this, 43% of organizational
leaders think it is likely that in the next two years, a cyberattack will materially affect their own
organization. This, in turn, means that in many cases, enterprises are devoting more resources
to day-to-day defences than strategic investment.
– The data protection and cybersecurity concerns
created by geopolitical fragmentation are increasingly influencing how businesses operate
and the countries in which they invest.
– Business executives acknowledge that their
organization’s cybersecurity risk is influenced by the quality of security across their supply chain
of commercial partners and clients.
– Leaders intend to respond to these concerns by strengthening controls for third parties with
access to their environments and/or data and re-evaluating which countries they do business in.
However, business leaders are more likely to focus on in-house solutions for cyber-risk management,
whereas security leaders place a higher priority on partnerships with other organizations.
– Many organizations are undertaking large digital
transformation projects. Adding emerging technology to legacy IT increases the complexity
of organizations’ digital environments and therefore their cybersecurity risk. Leaders struggle to balance
the value of new technology with the potential for increased cyber risk in their organizations.
– Cyber executives are now more likely to see data
privacy laws and cybersecurity regulations as an effective tool for reducing cyber risks across a
sector. This is a notable shift in perception from the 2022 Outlook report. Despite the challenges
associated with compliance, cyber leaders acknowledged that regulation incentivizes muchneeded
action on cybersecurity.
– Structured interactions between cyber and
business leaders are becoming more frequent – 56% of security leaders now meet monthly
or more often with their board. This is rapidly narrowing the cybersecurity perception gap. However, more needs to be done to promote understanding between business and security teams to support effective action by organizational leaders.
– Building a security-focused culture requires
a common language based on metrics that translate cybersecurity information into measurements that matter to board members and the wider business.
– Changes in organizational structure that embed
cyber-risk discussions across a business can also promote more fluid communication and
effective cyber-risk management.
– Ultimately, cyber leaders must present security
issues in terms that board-level executives can understand and act on. Business leaders, for
their part, need to accept more accountability for operational cyber requirements to advance
their organizations’ overall cyber capabilities.
– Cyber talent recruitment and retention continues
to be a key challenge for managing cyber resilience. A broad solution to increase the
supply of cyber professionals is to expand and promote inclusion and diversity efforts. In
addition, understanding the broad spectrum of skills needed today can help organizations
to expand their hiring pools. A number of promising initiatives are already in place, but
these tend to focus on small cohorts. Time, thought and investment are needed to make
cyber-skills development programmes scalable.

Leave a Reply

Your email address will not be published. Required fields are marked *