- World Economic Forum members present a cyber value-at-risk framework that shows what companies can do to protect themselves against cyberattacks and how they can assess the impact of cyberthreats
- The framework arrives in the midst of a wave of cyberattacks against companies and governments
- Download the full report here
Davos, Switzerland, 19 January 2015 – The World Economic Forum and its partners have developed a new way for organizations to calculate the impact of cyberthreats. The framework, called “cyber value-at-risk” comes at a time when cyberattacks are increasing in velocity and intensity, and when 90% of companies worldwide recognize they are insufficiently prepared to protect themselves against them.
“Continuous cyberattacks on global organizations are showing that we are at a crossroads,” said Alan Marcus, Senior Director of the Information and Communication Technology Industries at the World Economic Forum. “The same technologies many organizations have become so dependent on can also threaten their very core. This is why we are launching a Future of the Internet initiative in Davos, including this critical cyber value-at-risk framework.”
The proposed framework is part of a new report, Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, which was created in collaboration with Deloitte and with the input of 50 leading organizations from around the world. The report will be discussed at a session during the World Economic Forum Annual Meeting 2015.
The purpose of the cyber value-at-risk approach is to help organizations make better decisions about investments in cybersecurity, develop comprehensive risk management strategies, and help stimulate the development of global risk transfer markets. The framework helps organizations address questions such as how vulnerable they are to cyberthreats, how valuable the key assets at stake are, and who might be targeting them.
The framework requires organizations to understand key cyber-risks and the dependencies between them. It will also help them establish how much of their value they could protect if they were victims of a data breach and for how long they can ensure their cyber protection.
Jacques Buith, Managing Partner at Deloitte Risk Services, said: “We need to be able to quantify cyber-risks if proper cyber-resilience assurance is to be achieved. Only then will management boards be able to take sound risk/reward decisions in this volatile world and thus secure their organizations’ cyber-resilience. We are proud to have been given the opportunity to work alongside the World Economic Forum on a framework to quantify cyber-risks. The World Economic Forum’s network enables as many organizations as possible to use these insights to protect their organizations against cyberattacks and provide for a safer digital world.”
According to Mark Rutte, the Prime Minister of the Netherlands “the internet has become a key strategic resource for citizens, companies and governments alike. In order to fully realize its enormous potential for growth and innovation, governments and the private sector need to work together to ensure it remains free, open and secure. The Netherlands is a leader in the field of internet access, use of email, social media and mobile data. At the Global Conference on Cyber Space on 16/17 April in The Hague, we will discuss the challenges ahead with all the major stakeholders, from the public and the private sector. Partnering for Cyber Resilience, which has a strong track record in strengthening resilience to cyberthreats, is among these partners.”
TK Kurien, Chief Executive Officer of Wipro, said: “As part of the Partnering for Cyber Resilienceinitiative, we have been working together with members of the initiative to advance the cyber value-at-risk estimation. At Wipro, for example, we developed a model that has helped us build a more structured view of our risk profile and make more fact-based investments and policy decisions. We are also in active engagement with our customer boards and management to help them better appreciate risks and to transform their security profile. We hope this approach will serve other organizations as they develop their cyber-resilience strategies.”
More than 2,500 participants from over 140 countries, including more than 40 heads of state or government, will convene at the 45th World Economic Forum Annual Meeting, taking place from 21 to 24 January 2015 in Davos-Klosters, Switzerland.
The Co-Chairs of the Annual Meeting 2015 are: Hari S. Bhartia, Co-Chairman and Founder, Jubilant Bhartia Group, India; Winnie Byanyima, Executive Director, Oxfam International, United Kingdom; Katherine Garrett-Cox, Chief Executive Officer and Chief Investment Officer, Alliance Trust, United Kingdom; Young Global Leader Alumnus; Jim Yong Kim, President, The World Bank, Washington DC; Eric Schmidt, Executive Chairman, Google, USA; and Roberto Egydio Setubal, Chief Executive Officer and Vice-Chairman of the Board of Directors, Itaú Unibanco, Brazil.
The World Economic Forum is an international institution committed to improving the state of the world through public-private cooperation in the spirit of global citizenship. It engages with business, political, academic and other leaders of society to shape global, regional and industry agendas.
Incorporated as a not-for-profit foundation in 1971 and headquartered in Geneva, Switzerland, the Forum is independent, impartial and not tied to any interests. It cooperates closely with all leading international organizations (www.weforum.org).