Why the WEF Cybersecurity Report Should be Taken into Boardrooms

The phrase “knowledge is power”, often attributed to Sir Francis Bacon, resonates with many cybersecurity leaders.  Cybersecurity leaders are familiar with things being in short supply, but reports on the impact of cyber threats do not fit in the ‘short supply’ category.

Reports highlighting the bleak cybersecurity landscape and the seemingly unsurmountable odds facing cybersecurity professionals are published weekly. Amongst all these reports, however, statistics and findings often seem contradictory. The challenge then evolves from ‘where can I source information?’ to ‘what data can I trust?’

Mark Twain popularised the common phrase, ‘lies, damned lies, and statistics’, highlighting how statistics can be manipulated to suit the person’s narrative. Sadly, many industry reports succumb to this. Reports written or sponsored by vendors often simply reinforce those vendors’ viewpoints of the world and provide justification to purchase their products. These reports often focus on the technical aspects of the challenge or on a particular threat actor, which while of interest to cybersecurity professionals, often leaves those outside the cybersecurity bubble asking the question: so what?

“Reports written or sponsored by vendors often simply reinforce those vendors’ viewpoints of the world and provide justification to purchase their products.”

Presenting cybersecurity initiatives and strategies to the board or the senior business leadership in an organisation requires positioning those initiatives and strategies in a context that the targeted audience can better understand. Reinforcing decisions and budgetary requests with facts and figures from external sources can provide context. While vendor-sponsored reports may have some value, one of the most valuable reports a cybersecurity professional can have is the World Economic Forum’s (WEF) Global Cybersecurity Outlook Report.

The WEF Global Cybersecurity Outlook is a comprehensive insight into the current trends that cybersecurity leaders need to consider. The report is produced by surveying leaders from various organisations across the globe, running various cybersecurity workshops hosted by the WEF, analysing reputable third-party reports, and conducting interviews with over 150 global organisations. It is also a companion report to the World Economic Forum’s Global Risk Report. Cybersecurity is consistently one of the top global risks identified within the Global Risk Report. The Global Cybersecurity Outlook Report exists to provide further insight into how that risk threatens the global economy.

As a result, the Global Cybersecurity Outlook Report is an invaluable tool to cybersecurity leaders as it provides extensive viewpoints and analysis of key trends in cybersecurity, business, geopolitics, and society that can impact an organisation’s cybersecurity posture, resilience and approach to risk management.  As a source of reference for presentations and reports to senior business leaders, the Global Cybersecurity Outlook is an invaluable and independent resource. The report allows a cybersecurity leader to move away from the technical and tactical focus that many other vendor-type reports have and take a more nuanced and business view of managing cybersecurity-related risks to the company.

With a global input into the report, the (WEF) Global Cybersecurity Outlook Report provides invaluable insight into the various emerging cyber threats that are out there. An early understanding of these threats enables the cybersecurity leader to prioritise their strategic investment in cybersecurity initiatives and justify those investments.

“Reinforcing decisions and budgetary requests with facts and figures from external sources can provide context”

Cybersecurity leaders should also consider other influences impacting how they can create a strategic approach to effective risk management. Business leaders are waking up to their responsibilities around cybersecurity. While they don’t necessarily want to know the technicalities of the tools and controls implemented to protect the organisation, they do want to know that those tasked with protecting the business from cyber threats understand the implications to the business posed by those threats and what is being done to manage them. The Global Cybersecurity Outlook Report addresses elements including dealing with the board, gaining leadership support, supply chain risk management, skills shortage, and geopolitics’ impact on cybersecurity. These areas are important for today’s cybersecurity leaders to understand and appreciate.

As noted at the beginning, “knowledge is power”, and with the WEF Global Cybersecurity Outlook Report, cybersecurity leaders have a powerful resource to enable them to tackle the various challenges they have in their role, not least in gaining better engagement with business leaders and helping ensure the resilience of their organisations in the face of an ever-evolving threat landscape.

Brian Honan is CEO of BH Consulting, an independent cybersecurity and data protection advisory firm based in Dublin, Ireland. Brian is an internationally recognised expert on cybersecurity. He has acted as a special advisor to Europol’s Cybercrime Centre (EC3), and is the founder of Ireland’s first Computer Emergency Response Tean (CERT). He is also a member of the advisory board of several innovative security companies. Brian is the author of several books and regularly writes for various publications.