When it comes to cybersecurity, the most vulnerable point of an organization is its people, not its systems. Before COVID-19, data showed us 72% of breaches arose because of organizational, process, and people failures rather than a lack of adequate technology. Combine this number with the added uncertainty of home technology and the steady increase in breach attempts during the pandemic, and you have a crisis. COVID-19 has reinforced the significance of the digital economy and, with it, the need for a resilient global cybersecurity strategy — one that allows for collaboration across corporations; governments; micro-, small and medium-sized enterprises (MSMEs); and individuals.
The World Economic Forum (WEF) estimates that global digitalization could create $100 trillion of value by 2025 — an exciting prospect and a major positive for global economies. Yet data from Cybersecurity Ventures suggests cybercrime will cost the global economy a steep $6 trillion annually by 2021, representing twice the cost of 2015 levels. It is clear that much remains to be done to protect the gains that digitalization and technological innovation bring to all corners of the world.
Sadly, COVID-19 has represented an enormous opportunity for cybercriminals — coronavirus-themed spam skyrocketed by as much as 14,000% in just a two-week period of the pandemic. Trusted sources for information — such as the World Health Organization, Centers for Disease Control and Prevention, and others — have been consistently targeted by criminals through phishing, spam, and malware.
Further, the pandemic put a spotlight on the fact that organizations have to rely on employees — who often have not received proper cybersecurity training — and information security systems that are ill-suited for remote work as gatekeepers of their most sensitive data. And though governments tend to have robust network security systems, they are just as at risk, if not more so, often due to outdated technology.
As leaders of a global business task force responsible for advising and providing recommendations on the future of digitalization to G20 Leaders, we are doubling down on our efforts to build cyber resilience, and we urge leaders to recognize the importance of cybersecurity resilience as a vital building block of our global economy.
And we must be thoughtful in our future cyber approach. A human-centric, education-first strategy will protect organizations where they are most vulnerable and get us closer to the point where cybersecurity is ingrained in our daily life rather than an afterthought.
Action through collaboration, one of our guiding principles as the voice of the private sector to the G20, is the only viable option. A public-private partnership built on cooperation among large corporations, MSMEs, academic institutions, and international governments is the cornerstone of a modern and resilient cybersecurity system. A few simple but powerful actions ingrained in a global cybersecurity strategy will bring our users into the new age of digital transformation and embed a security mindset into our day-to-day, making breach attempts significantly less successful.
To bring a strategy like this into reality, we still must address a number of hurdles, such as the perception of cybersecurity as separate from employees' work and the slow recognition of cyber as a priority for MSMEs and local governments. The pandemic has brought the importance of these shifts to the forefront. CIOs, for example, are taking their role to the next level as their IT decisions become more visible than ever to company and industry leaders through their workers' remote productivity and security, while governments worldwide realize the need for a strong digital infrastructure to keep their countries moving, connected, and safe.
Visibility and recognition are just the beginning. Beyond that, we have several steps ahead of us, such as:
- Identify channels and forums for these conversations;
- Understand the stakeholders at play from the public and private sectors;
- Create a joint recommended set of minimum standards that can act as a starting point for professionals in cybersecurity and beyond, including those from MSMEs;
- Embed cybersecurity into the ongoing training of all employees across the private and government sectors; and
- Launch bold awareness campaigns through partnerships with government agencies such as the National Institute of Standards and Technology and the EU Agency for Cybersecurity.
Those of us in the cybersecurity industry know the COVID-19 pandemic won't be the last major disruption of its kind. On the contrary, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives. The truth is, a cyber pandemic is probably as inevitable as future disease pandemics, and we saw a glimpse of that with the WannaCry attack in 2017. Compounded by the pandemic-induced economic downturn, the losses of such a disruption would be insurmountable for many businesses. It is our responsibility to ensure this doesn't happen and to approach these new frontiers strategically, build on what each of our industries does best, and learn from one another.