Over the past decade, cyber security has become one of the most pressing systemic issues for the global economy. And we have the bills to prove it. Current global spending on cyber security is US$145 billion a year1. That total is predicted to surpass US$1 trillion by 2035. But what if, collectively speaking, we’re focusing too much of that time, attention and money on the past and not the future?
We were already becoming dependent on technology before the COVID-19 pandemic, and our dependency has increased dramatically since. In order to be able secure our increasingly complex and interdependent world, we need to find new ways of working, new notions of collaboration and new paradigms around trust.
I had the opportunity recently to contribute to a World Economic Forum report on cyber security. The report, Cybersecurity, emerging technology and systemic risk, posed a fundamental question: “Will our individual and collective approach to managing cyber risks be sustainable in the face of the major technology trends taking place in the near future?”
When you talk to some executives about cyber security, they have visions of banks of computers and flashing lights in data centers, while still holding to the idea of building walls around their corporate systems which must be defended against all comers.
My worry is that this is an old-world view of security; one which ignores the cloud, the internet of things, ubiquitous computing and an increasingly complex data ecosystem. As a society, our notion of ‘what a computer is’ is out of step with reality. As a result, all of us are playing catch-up. And while there are inherent risks if we fail to act, there are opportunities for those that get it right.
My message to corporate leaders is simple. Stop thinking about cyber security in the classic sense. Instead, focus on what’s the core of your business – the products, the services and of course the data. How can you engender trust amongst your customers, clients and partners in those core offerings? Yes, that may be about security, but it’s also about transparency, integrity and protection of the interests of those key stakeholders day-to-day and in the worst case when the inevitable incident happens.
This shifts the mindset from thinking about firewalls, anti-virus software and patching policies; to considering approaches to security which start from the premise that our company’s success is based upon its reputation, which is ultimately a manifestation of the trust others have in our offerings. And that is what we need to protect as a company.
Yes, this leads you to embedding security into products and services; but more than that it focusses attention on protecting customers, clients and partners; and on the stewardship of the trust they place in you when they share their most sensitive data or show their willingness to become dependent on you.
If you’re in a leadership position, I encourage you to download and review the report. It’s got some key insights, projections and recommendations that will shed light on some of the fundamental ways in which cyber security is going to change in the coming years and how those changes will apply to your company.
But more than that, ask yourself what is it you’re really trying to secure, how best can you do that and whether others across the community share the same objective? You may be surprised at the answers.
1. Future Series: Cybersecurity, emerging technology and systemic risk, (World Economic Forum, 2020), 4.