Business leaders must focus on protecting critical capabilities and services, balance risk-informed decisions during the crisis and beyond, update and practice BCP and strengthen ecosystem-wide collaboration
The world is experiencing an unprecedented crisis that is causing chaos in the global economy, disrupting supply chains, and transforming society. The new reality is accelerating business model transformation at a faster pace than ever before to ensure existential survival in a crisis for which no one was prepared.
It is imperative that leaders strategically manage information risks, work towards a culture of shared cyber-risk ownership across organizations, and take a strategic approach to cyber resilience. Effective cyber resilience requires a combined and aligned multi-disciplinary effort to move beyond compliance to cohesive business and digital enablement.
Businesses need to consider cyber resilience from a business perspective, looking at the cyber element of operational risks to their business as they become increasingly dependent on the internet and digital channels. They also need to adopt a resilience mindset of how they would respond to and recover from any major cyber event.
In view of this, the World Economic Forum (WEF), in its report, titled Cybersecurity Leadership Principles: Lessons Learnt during the COVID-19 Pandemic to Prepare for the New Normal, has outlined the following principles, which will help organizations to shape a responsible course of action that balances short-term goals against medium- to longer-term imperatives:
1. Foster a culture of cyber resilience
The COVID-19 crisis has highlighted that focusing only on cybersecurity is insufficient if the challenges of digitalization are to be effectively met. Protection and defence strategies are important but businesses must also develop strategies to ensure resilient and sustainable networks while taking advantage of the opportunities that digitalization can bring.
Additionally, since vulnerability in one area of the supply and value chains can compromise the entire organization, resilience requires a conversation focused on critical systems and processes rather than a blanket approach.
The following key actions will help leaders instil a culture of cyber resilience within the enterprise and broader ecosystem:
- Implement cyber resilience governance
- Promote resilience by design
- Go beyond compliance
- Strengthen cyber-resilient employee behaviors
2. Focus on protecting critical capabilities and services
Business leaders must have a holistic and systemic view of their critical services, applications, suppliers and assets to determine the potential ramifications of a crisis to revenue, employees, customers and continuity of essential services. Cyber health has many similarities to human health and a parallel could be drawn between the preventive, tracing and response measures to the COVID-19 virus and those recommended for digital viruses.
The following key actions will help leaders maintain the cyber health of their businesses and protect capabilities and services that are critical to operations:
- Enforce strong cyber hygiene
- Protect the access to critical assets
- Monitor abnormal activities on your critical assets
- Prioritize investments in cybersecurity automation
3. Balance risk-informed decisions during the crisis and beyond
Business leaders should recognize that their business risk posture has changed significantly and will need to be restored to an acceptable level after the crisis.
The following key actions will help leaders balance risk-informed decisions:
- Move towards a Zero-Trust Approach to securing your supply chain
- Define and implement meaningful cyber-resilience metrics
- Focus on cyber risks critical to operations
4. Update and practice your response and continuity plans as your business transitions to the new normal
While many cyber-resilience leaders and other business leaders have drawn on their experiences of past crises to respond to the early stages of the COVID-19 outbreak, the pandemic’s scale and unpredictable duration make the response and recovery efforts particularly difficult.
The following key actions will help leaders maintain business continuity in this turbulent and dynamic period:
- Practice a comprehensive crisis management plan
- Maintain and adjust response and resilience plans
- Prepare for the new normal
5. Strengthen ecosystem-wide collaboration
Public- and private-sector leaders need to promote collaboration and actively participate in initiatives to ensure that actions are taken to secure the broader ecosystem against current and emerging cyber threats. Furthermore, businesses must align expectations with suppliers on their cybersecurity controls (and associated compliance regimes) to encourage regulatory alignment in terms of third-party assurance, and also take forward a range of community initiatives to raise awareness of cybersecurity risks within the broader supply chain.
The following key actions will help leaders instil a culture of collaboration within the enterprise and across the ecosystem:
- Increase collective situational awareness
- Drive collective action
- Take a systemic approach to cyber risk management
The New Normal
The COVID-19 crisis has generated unprecedented challenges to organizations, forcing everyone to juggle professional responsibilities with important personal ones. The coming months are likely to bring more uncertainty. By adhering to the practices proposed, business leaders can better meet their responsibilities to uphold their organization’s security posture and maintain business continuity during this pandemic and beyond. With effective cyber-risk management and cyber-resilience practices, businesses can achieve smarter, faster and more connected futures, driving business growth and efficiency.
As the cyber threats to business continue to evolve, public- and private-sector leaders will have to address them in the digital and physical worlds to mitigate any potential harm to individuals and avoid the disruption of critical services. Businesses that understand and act on the signals and warnings can adapt and turn an increasingly ambiguous and fast-moving world to their advantage.