How Can Cyber Defenders Win?

Arguments

Emerging countries and their position on cyber defense

Supporting facts:

• Audience member has been working on these topics in Latin America

• Even big companies are struggling with cyber defense

Topics: cyber defense, emerging countries, supply chain security

---

Recommendations for emerging countries and suppliers for managing cyber defense

Supporting facts:

• Audience member asks for recommendations

Topics: cyber defense strategies, emerging countries, recommendations

---

Conditions for reconnection in a network after a disconnect are important

Supporting facts:

• Recent incidents in the US treasury market

Topics: Transparency, Financial Market Infrastructure, Network disconnection, Reconnection

---

Report

During the discussion, several topics related to cyber defence, emerging countries, and supply chain security were addressed. The speakers expressed concerns about the position of emerging countries in terms of cyber defence capabilities. An audience member, who had been working on these topics in Latin America, shared their concerns about the challenges faced by even big companies in managing cyber defence.

This highlights the urgent need for emerging countries to strengthen their cyber defence strategies and capabilities. Furthermore, another important point raised during the discussion was the need for suppliers to develop cyber defence capabilities. It was questioned what would happen if suppliers are unable to manage cyber defence effectively.

The potential consequences of not being able to develop these capabilities include being left out of the market and losing competitiveness. This highlights the significant impact that cyber defence can have on a supplier’s market position and overall business sustainability.

The audience also sought recommendations for managing cyber defence in emerging countries and suppliers. While specific recommendations were not mentioned, it signifies the interest and willingness to explore effective strategies for tackling cyber threats in these contexts. This further underscores the need for proactive measures and policies to enhance cyber defence in both emerging countries and supplier networks.

In addition to cyber defence, the discussion touched on the conditions for reconnection in a network after a disconnect. Recent incidents in the US treasury market were referenced to emphasise the importance of transparency and financial market infrastructure. The speakers highlighted the need for more preparation and work to be done in advance to ensure a smooth and efficient reconnection process.

This positive sentiment highlights the potential benefits of proactive planning and readiness in managing network disconnects and reconnection. Overall, the discussion shed light on the pressing issues surrounding cyber defence, emerging countries, and supply chain security. It highlighted the need for emerging countries to strengthen their cyber defence capabilities and the importance for suppliers to proactively develop these capabilities.

It also emphasised the significance of transparent financial market infrastructure and proactive preparation for network disconnection and reconnection. These insights contribute to the ongoing efforts to address the challenges and implications of cyber threats in today’s interconnected world.

Arguments

India’s digital society and progress are huge opportunities

Supporting facts:

• India is already a digital society with the last mile connected by technology for livelihood

• Digital literacy and responsible use of technology are being promoted at grassroots level and becoming a part of the core curriculum

• Infrastructure for India’s digital economy is being taken care of by ensuring security by design which becomes an imperative for the digital public infrastructures

Topics: Cybersecurity, Digital Literacy, Digital Public Infrastructure, Digital Transformation

---

The pace of technology and risk landscape evolution challenges traditional educational processes

Supporting facts:

• Only 15% of all organizations are optimistic that cyber skills and education will significantly improve in the next two years.

• 52% of public organizations state that a lack of resources and skills is the biggest challenge when designing cyber resilience.

• The job of the CISO has completely changed.

Topics: Cybersecurity Education, Technology Evolution

---

India is disrupting traditional cybersecurity training with shorter courses, upskilling existing workers and engaging industry in curriculum design

Supporting facts:

• NASSCOM works with government and Microsoft to train women in tier two, tier three cities in India.

• Cybersecurity training has been provided to 2,000 plus women in the last one or two years.

• The government has agreed to give credits to industry curriculum in the universities.

Topics: India, Cybersecurity Education, Industry Collaboration

---

There is a need for models that act as security experts, integrate security protocols into every level of operation, and save time

Supporting facts:

• Traditional education cannot keep pace with risk landscape and technology evolution.

• Every single employee cannot be trained to become a security expert.

Topics: Workforce Upskilling, Cybersecurity

---

AI is fundamental to cyber security

Supporting facts:

• AI provides game changing capabilities

• AI would be used by both good guys and bad guys

Topics: AI, Cyber Security

---

Report

During the discussion on cybersecurity and the digital society, several key points were highlighted. One of the main points made was that India is considered a digital society. It was mentioned that the last mile in India is already connected by technology for livelihood, indicating widespread technology adoption throughout the country.

Furthermore, digital literacy and responsible use of technology are being promoted at the grassroots level and have become part of the core curriculum. This indicates that efforts are being made to educate the population on the safe and responsible use of technology.

The importance of secure infrastructure for India’s digital economy was also emphasized. It was mentioned that security by design is being ensured to protect digital public infrastructures. This suggests that measures are being taken to build secure foundations for the digital economy in India.

In the context of the post-COVID hybrid work model, it was noted that more than 50% of employees are still working from home. As a result, the focus on cybersecurity should shift from securing the enterprise perimeter to ensuring cybersecurity in the home and partner ecosystems.

This highlights the need to adapt to new cybersecurity paradigms to address the evolving challenges brought about by the hybrid work model. The discussion also touched upon the challenges in cybersecurity education. It was stated that only 15% of organizations are optimistic about a significant improvement in cyber skills and education in the next two years.

Additionally, a lack of resources and skills was identified as the biggest challenge when designing cyber resilience. This suggests that there is a need to address the skills gap in the field of cybersecurity to effectively tackle evolving cyber threats.

The importance of upskilling and workforce training in cybersecurity was emphasized. It was acknowledged that traditional education processes may not be able to keep pace with the rapidly evolving technology landscape and risk landscape. Instead, models that act as security experts and integrate security protocols into every level of operation were suggested as a way to save time and enhance cybersecurity.

AI (Artificial Intelligence) was recognized as a fundamental aspect of cybersecurity. It was stated that AI provides game-changing capabilities and could be used by both good and bad actors. Moreover, the potential of AI to build cyber resilience was highlighted.

It was recommended that governments and companies should utilize AI to strengthen their cybersecurity efforts and fight against AI-powered cyber threats. In conclusion, the discussion on cybersecurity and the digital society highlighted the progress India has made as a digital society, the need to adapt to new cybersecurity paradigms in the post-COVID hybrid work model, the challenges in cybersecurity education, and the importance of upskilling and utilizing AI for building cyber resilience.

It is evident that cybersecurity should focus on resilience and recovery, and leveraging AI is crucial in enhancing cybersecurity capabilities.

Arguments

Gary Steele predicts a challenging year ahead for cyber security due to various ongoing conflicts and election Cycle in the US.

Supporting facts:

• Active conflicts and potential large conflict ongoing.

• Previous US elections witnessed a surge in threat activity.

• Ransomware actors are continually winning.

Topics: Cyber Security, Election, Ransomware

---

Despite the anticipated challenges, Gary Steele is optimistic about the advancements in cyber security measures and the impact of heightened awareness about the issue.

Supporting facts:

• Investments and maturity in the field have increased.

• The number of cybersecurity companies has drastically increased from a few to thousands.

• Large amounts of funding and human resources are focused on innovation.

Topics: Cyber Security, Innovation, Awareness

---

Gary Steele believes that future innovations in AI will make cybersecurity more accessible and cost-effective.

Supporting facts:

• AI could be a facilitator for organizations with limited bandwidth and skills.

• Cybersecurity will get easier to defend.

Topics: Cyber Security, Artificial Intelligence, Innovation

---

Improvement in awareness about cyber risks at leadership level in boardrooms

Supporting facts:

• Cyber risk is now a topic of conversation in board rooms, it’s a top priority

• Awareness at a leadership level is more than what it was 5 years ago

Topics: cyber risks, corporate governance, boardroom awareness, cybersecurity

---

There’s room for maturity and improvement in the boardroom concerning cybersecurity

Supporting facts:

• People say we should have a cyber expert, but they haven’t quite figured it out yet

Topics: cybersecurity, boardroom improvement, corporate governance

---

Gary Steele views the SEC rule as a beneficial provision bringing transparency to industries

Supporting facts:

• Transparency results in better outcomes for everyone

• Agility and decision making improve with transparency

Topics: SEC rule, Transparency

---

Transparency in response to cyber events is crucial for collective defense.

Supporting facts:

• Mentions events in the software supply chain such as SolarWinds as an example.

• States that the faster and more transparent people are, the better off we are.

Topics: Cybersecurity, Transparency, Collective defense

---

Report

Gary Steele, a cybersecurity expert, anticipates a challenging year ahead for the field due to ongoing conflicts and the US election cycle. These factors contribute to a surge in threat activity, making cybersecurity more difficult to ensure. However, despite these challenges, Steele remains optimistic about advancements in cyber security measures and the impact of heightened awareness.

Steele believes that future innovations in Artificial Intelligence (AI) will make cybersecurity more accessible and cost-effective. AI can facilitate cyber defence for organizations with limited resources and expertise. This positive outlook reflects the increasing investments and maturity in the cybersecurity sector, with numerous companies focused on innovation.

There has been an improvement in awareness about cyber risks at the leadership level in boardrooms. Cyber risk is now a top priority topic of conversation, signifying progress in corporate governance. However, there is still a lack of regulation mandating cyber expertise in boardrooms, which highlights a need for stronger measures.

Transparency is crucial in the cybersecurity field. Steele views the SEC rule, which brings transparency to industries, as beneficial. Transparency enables better decision-making, agility, and improved response to vulnerabilities. Steele advocates for transparency in both industries and the software supply chain.

Steele emphasizes the importance of transparency in collective defense against cyber threats. Faster and more transparent communication and collaboration are key for better outcomes in addressing cyber events. In conclusion, despite the challenges, Steele remains optimistic about advancements in cyber security measures.

The integration of AI holds promise, and there has been an improvement in awareness about cyber risks. However, a lack of regulation mandating cyber expertise in boardrooms hinders progress. Transparency is crucial in both industries and the software supply chain, as well as in achieving collective defense against cyber threats.

Arguments

Cyber insecurity is a prominent risk over both a two-year and 10-year timeframe

Supporting facts:

• Over the past 20 years, cyber risk has been moving to the top of the list

• Data confirms that this risk is top of mind for businesses around the world

Topics: Cyber Insecurity, Business Risks, Global Risks

---

Systemic events such as cyber terror, power grid failures, and cloud service provider issues are big concerns

Supporting facts:

• Today, businesses are concerned about how systemic events might impact their operation

• Most developed economies and businesses are unprepared for these types of systemic events

Topics: Systemic Events, Cyber Terror, Power Grid Failures, Cloud Service Provider

---

Increased risk awareness and the implementation of preventive measures are crucial

Supporting facts:

• John Doyle emphasizes the necessity of being mindful of cyber risk for businesses and individuals

Topics: Risk Awareness, Preventive Measures, Cybersecurity

---

Cyber insurance plays a critical role in risk readiness and resilience

Supporting facts:

• Cyber insurance companies start the dialogue with a cyber self-assessment tool

• There are segments of certain industries that won’t be able to get insurance today because they are not prepared and not ready

Topics: cyber insurance, risk readiness, resilience

---

The cyber insurance market is adjusting to the rise in ransomware claims

Supporting facts:

• Prices were on the rise in response to the explosion of ransomware claims

• Now, prices are actually coming down slightly

Topics: cyber insurance, ransomware, market adjustment

---

Insurers and reinsurers are worried about systemic events

Supporting facts:

• Insurers and reinsurers are worried about how systemic events might aggregate in their portfolio

• They are investing a lot in modeling to prepare for such events

Topics: insurers, reinsurers, systemic events

---

There’s a need for public-private partnerships in cyber insurance

Supporting facts:

• John Doyle is spending time working with governments for possible partnerships

• Certain catastrophic scenarios are larger than what the insurance industry alone could finance

Topics: public-private partnerships, cyber insurance

---

Industry’s role isn’t enforcement but sending signals

Supporting facts:

• Having level of expertise inside a firm is a data point about company’s risk awareness and readiness.

Topics: Industry role, Risk Awareness, Risk Readiness

---

Bad guys are often better organized than the good guys

Supporting facts:

• Governments requiring reporting are aggregating a lot of data

Topics: Security, Organization

---

Government agencies need to learn from the data they have to improve security

Supporting facts:

• A lot of data is being aggregated by many governments that require reporting

Topics: Government, Data Analysis, Security

---

Report

Cyber insecurity and systemic events are identified as significant risks in the field of cybersecurity. Over the past 20 years, cyber risk has risen to the top of the list for businesses worldwide, indicating widespread concern about this issue. Data confirms that businesses are highly mindful of cyber risks and recognise the need for preventive measures.

The increasing role of AI is seen as both an opportunity and a challenge in the fight against cyber risks. John Doyle, an expert in the field, believes that AI will amplify the arms race in cybersecurity, posing risks for both sides.

This suggests the need for ongoing efforts to keep pace with advancements in AI technology and its potential implications for cybersecurity. Risk awareness and the implementation of preventive measures are highlighted as crucial in addressing cyber risks. John Doyle emphasises the necessity for businesses and individuals to be mindful of cyber risk and to take appropriate steps to mitigate potential threats.

This includes staying up to date with the latest security protocols and investing in the necessary resources to protect against cyber threats. The role of cyber insurance in risk readiness and resilience is recognised. Cyber insurance companies have started engaging in dialogue with businesses through cyber self-assessment tools to assess their preparedness.

However, it is noted that certain segments of industries may not be able to obtain insurance due to their lack of preparedness. It is suggested that cyber insurance plays a critical role in helping businesses and industries build resilience against cyber risks.

The cyber insurance market is adjusting to the rise in ransomware claims. Prices were initially on the rise in response to the explosion of ransomware incidents, but they are now starting to come down slightly as the market adapts to this new threat landscape.

Insurers and reinsurers express concern about systemic events such as cyber terror, power grid failures, and cloud service provider issues. They are investing heavily in modelling to prepare for and manage these potential events, highlighting the need for comprehensive risk management strategies.

Public-private partnerships are advocated for in addressing the complex challenges of cyber insurance. Working with governments, particularly in catastrophic scenarios that exceed the insurance industry’s capacity, can help ensure better coverage and risk management strategies. Small and medium-sized enterprises (SMEs) are identified as the most unprepared and uninsured in terms of cyber risks.

In the event of a major incident, uninsured SMEs may have their risks fall on the government’s balance sheets. This highlights the importance of raising awareness among SMEs about the need for cyber insurance and risk management. The industry’s role in risk awareness and readiness is emphasised.

Having a level of expertise within companies is seen as an essential indicator of risk awareness and readiness. The industry is encouraged to focus on sending signals rather than strict enforcement to drive improved cybersecurity practices. Governments are urged to utilise aggregated data to improve security.

While reporting requirements have led to the aggregation of significant amounts of data, it is argued that governments need to analyse and learn from this data to enhance security measures. This highlights the importance of data utilisation and analysis in addressing cyber risks effectively.

In conclusion, cyber insecurity and systemic events pose significant challenges in the field of cybersecurity. The role of AI, risk awareness, preventive measures, cyber insurance, and public-private partnerships are all key factors in addressing these challenges. The need for increased focus on SMEs, the industry’s role in signalling, and the utilisation of aggregated data by governments also feature prominently in the conversation around cybersecurity.

By proactively addressing these key areas, businesses and governments can work together to enhance cybersecurity practices and mitigate the risks associated with cyber threats.

Arguments

Global law enforcement is struggling with the sheer volume of cyber-related crimes

Supporting facts:

• More resources invested in law enforcement leads to more discovered cases

• Most cases have an international dimension which challenges the classic model of investigation

• 70% or 80% of Interpol member countries are struggling to investigate cybercrime due to lack of legislation or capabilities

Topics: Interpol, cybercrime, law enforcement

---

Artificial Intelligence is a game changer for both criminals and law enforcement

Supporting facts:

• Criminals are offering malicious services like denial of service attacks, phishing mails, deep fakes through the underground economy

• AI as a service for criminals is already available

• AI drives scale, sophistication, and speed in terms of online crime

Topics: Artificial intelligence, cybercrime, law enforcement

---

India’s cyber incidents are underreported, with only 8 to 30% being disclosed

Supporting facts:

• Jürgen mentioned that typically, 8 to 30% of incidents are reported

Topics: Cybercrime, India, Cyber incidents, Cyber theft, Cyber terrorism

---

Global cooperation and coordination is needed to combat cybercrime

Supporting facts:

• The nature of the threat and limited resources necessitate global action

Topics: Cybercrime, Global cooperation, Interpol

---

Interpol is ready to cooperate with the private sector in combating cybercrime

Supporting facts:

• Interpol runs a gateway project in Singapore that provides for real-time sharing of information with the private sector

Topics: Interpol, Private sector, Cybercrime

---

Crime always did exist and will always exist. So it’s about reducing the risk.

Topics: Crime, Risk Reduction

---

Building an effective architecture of security, institutionalized cooperation requires a holistic approach.

Topics: Security, Cooperation, Holistic Approach

---

Artificial intelligence used in an ethical way, is a huge opportunity for law enforcement to provide for more effective deterrence and prosecution.

Topics: Artificial Intelligence, Law Enforcement, Ethics, Prosecution

---

Report

Global law enforcement is facing significant challenges in tackling the escalating number of cyber-related crimes. Approximately 70-80% of Interpol member countries struggle to investigate cybercrime due to a lack of legislation and capabilities. This highlights the urgent need for increased resources and investment in law enforcement to effectively combat cybercrime.

Artificial Intelligence (AI) is revolutionizing the landscape of cybercrime, presenting both opportunities and challenges for criminals and law enforcement agencies alike. Criminals are leveraging AI to commit crimes at a larger scale, with greater sophistication, and at a faster speed.

They offer malicious services such as denial of service attacks, phishing mails, and deep fakes through the underground economy. The availability of AI-as-a-service for criminals further amplifies these threats. In response, law enforcement agencies need to adapt and equip themselves with AI technologies to effectively combat cybercrime.

Given the increasing use of AI by cybercriminals, there is an urgent need to address cybercrime and prepare for future challenges. The statistics show a continuous upward trend in cybercrime, emphasizing the need for comprehensive action. AI empowers criminals to perpetrate crimes more efficiently, making it essential to take immediate measures to combat cyber threats.

In India, cyber incidents are significantly underreported, with only 8-30% of incidents being disclosed. This suggests that the actual extent and impact of cybercrime in India could be much higher than reported figures. Encouraging individuals and organizations to report cyber incidents and ensuring transparency in the reporting process is crucial to effectively combat cybercrime.

It is important to educate the public and private sectors about the procedural steps following the report of a cybercrime. Many people may hesitate to report incidents due to uncertainty about the consequences or lack of awareness regarding the subsequent actions that will be taken.

Enhancing awareness and understanding can encourage more victims and witnesses to come forward, facilitating a more effective response to cybercrime. Global cooperation and coordination are essential to address the transnational nature of cybercrime and the limited resources available. Collaborating between countries and agencies enables the sharing of information, strategies, and best practices, strengthening the capabilities of law enforcement agencies to combat cybercrime effectively.

Creating a secure architecture requires collaboration between the public and private sectors at national, regional, and global levels. Singapore’s anti-scam center serves as a prime example, enabling real-time information sharing between sectors. Establishing cooperative frameworks enhances the response to cybercrime by leveraging the expertise and resources of the private sector.

Interpol is ready to cooperate with the private sector in combatting cybercrime, as demonstrated by their gateway project in Singapore. This initiative allows for real-time sharing of information, enhancing investigation and prevention efforts. Collaboration between the public and private sectors has the potential to strengthen the fight against cybercrime.

While crime will always exist, efforts should be focused on reducing the risk associated with cybercrime. Taking a holistic approach that incorporates effective security measures, international cooperation, and ongoing education and awareness programs is key. By addressing the root causes and implementing comprehensive strategies, the impact of cybercrime can be mitigated.

The ethical use of AI in law enforcement provides an opportunity for more effective deterrence and prosecution. Leveraging AI technologies aids in identifying and apprehending cybercriminals, ensuring fair and just legal processes. Striking a balance between technology and ethical practices is crucial for harnessing the full potential of AI in combating cybercrime.

Bringing cybercriminals to justice is an essential part of fighting cybercrime. Robust investigation and prosecution by law enforcement authorities establish a strong deterrence, sending a message that cybercriminals will be held accountable for their actions. This serves as a significant deterrent and protects individuals and organizations from cyber threats.

In conclusion, global law enforcement faces significant challenges in combatting the increasing volume of cyber-related crimes. The lack of legislation and capabilities hinders effective investigation, highlighting the need for increased investment and resources. AI presents both opportunities and challenges, demanding urgent action to prepare for future threats.

Accurate reporting, education, global cooperation, and a holistic architecture of security are crucial in addressing cybercrime. Ethical use of AI and the pursuit of justice for cybercriminals contribute to creating a safer digital environment.

Arguments

Cyber defense is critical during international conflicts.

Supporting facts:

• There has been a cyber element to most conflict for many years.

• In Ukraine, a partnership was initiated between private sector and the public to bolster defenses.

Topics: Cybersecurity, International Conflict, Ukraine conflict

---

The partnership between private and public sectors is essential in bolstering cyber defenses.

Supporting facts:

• In the Ukraine example, pre-existing relationships between private and public sectors were essential.

• Businesses have tools, infrastructure and ability to change defensive postures rapidly.

Topics: Cybersecurity, Public-Private Partnership

---

Possible systemic cyber risks are not fully understood due to their complex nature

Supporting facts:

• Cyber risk is likely to be aggregating and systemic

• It is difficult to fully understand the nature of cyber risks

Topics: Cybersecurity, Risk Management

---

Simulation and scenario study can help anticipate cyber risks

Supporting facts:

• Oxford has been working on agent-based simulations

• These simulations show potential significant consequence if certain sectors are hit by a cyber crisis

Topics: Cybersecurity, Risk Management, Simulation Studies

---

The potential cost of a cyber crisis is massive and can stretch beyond any organization’s capital reserves

Supporting facts:

• Modelling and simulations show potential significant consequence

• Special policy decisions may be needed to protect certain sectors or organizations

Topics: Cybersecurity, Risk Management, Financial Impact

---

Establishing baseline cyber security levels globally

Supporting facts:

• Cyber threats are not restricted by national boundaries

• Cooperation and trust-building is essential for ensuring effective cyber defense

Topics: Cyber security, Global development

---

Promoting access to, and effective use of, cyber defense technologies

Supporting facts:

• Technology is a crucial component of cyber defense strategy

Topics: Cyber security, Technology access

---

Need for broader investment in strategy, policy, mindset, and rule of law in addition to technology toward cyber security

Supporting facts:

• Investment in various areas, from technology to law, is necessary for overall cybersecurity

Topics: Investment in cyber security, Rule of law

---

Leadership must understand and implement good cyber practice for an effective cybersecurity posture

Supporting facts:

• Leadership sets the tone and culture for cybersecurity in the organization

• It’s important for leaders to understand and respond to cyber threats appropriately

Topics: Cybersecurity, Leadership, Risk Management

---

Every member of an organization, not just one, must be ‘cyber fit’

Supporting facts:

• Everyone should understand cyber risk just like they understand financial risk

• The pace of technology and threat development means the whole organization needs to be cyber-ready

Topics: Cybersecurity, Risk Awareness, Organizational Development

---

Senior leaders may be highly targeted for cyber attacks, so their personal cybersecurity matters

Supporting facts:

• Emergence of deepfake tools and ransomware attacks could put senior leaders at high risk

• High level of training data available on public figures could be exploited

Topics: Cybersecurity, Risk Management, AI, Deepfakes, Ransomware

---

Make sure our senior leaderships, our cyber fit can deal with the risk

Topics: Cybersecurity, Leadership management

---

Supercharge our cyber defense by using AI

Topics: AI, Cybersecurity

---

Get used to doing insider threat detection and get good at threat hunting

Topics: Insider Threat detection, Cybersecurity

---

Report

The analysis highlights the critical importance of cyber defense during international conflicts. It emphasises the need for a partnership between the private and public sectors to strengthen cyber defenses, as seen in the example of Ukraine. The partnership between these sectors played a vital role in bolstering cyber defenses.

Preparedness in rapidly enhancing cyber defenses in potential conflict areas is essential. Investing in relationships and networks is crucial for effective cooperation and communication. International support is needed to defend public infrastructures against cyber threats. The analysis raises concerns about the complex nature of systemic cyber risks.

It suggests that these risks are not fully understood, making it challenging to anticipate and mitigate them effectively. Simulation and scenario studies are valuable tools for anticipating cyber risks and their potential consequences. The potential cost of a cyber crisis is a significant consideration.

Special policy decisions may be necessary to protect critical sectors or organizations. Modelling and simulations demonstrate the potential for significant consequences that could exceed any organization’s capital reserves. Urgent action is needed to address these cyber risks. Establishing baseline cyber security levels globally is crucial.

Cyber threats transcend national boundaries, making cooperation and trust-building among nations essential for effective cyber defense. Access to and effective use of cyber defense technologies are key in bolstering cyber defenses. Broader investment in technology, law, strategy, policy, mindset, and the rule of law is necessary for comprehensive cyber security.

The inclusion of the Global South in establishing cyber security resilience is important, as these regions have been largely left to their own devices during the COVID-19 pandemic. Leadership plays a significant role in cybersecurity. Leaders must understand and respond appropriately to cyber threats to ensure an effective cybersecurity posture.

The analysis emphasizes the importance of heightened cyber risk awareness among all members of an organization. Just as financial risk is understood, cyber risk should be ingrained into the mindset of individuals within an organization. The rapid evolution of technology and the threat landscape necessitates that the entire organization be “cyber fit.” The analysis also highlights the targeting of senior leaders in cyber attacks.

The emergence of deepfake tools and ransomware attacks puts senior leaders at high risk. Investment in enhancing “cyber risk fitness” among senior leadership is needed, given the close coupling of cyber risk and financial risk. In conclusion, the analysis underscores the critical importance of cyber defense during international conflicts.

It emphasizes the need for a partnership between the private and public sectors, preparedness in enhancing cyber defenses, and understanding systemic cyber risks. The analysis also stresses the need for global cooperation, access to cyber defense technologies, and broader investment in various aspects of cyber security.

Leadership and cyber risk awareness among all members of an organization are crucial, as are measures to protect senior leaders.

Arguments

Geopolitics has significantly influenced organizations’ cybersecurity strategies

Supporting facts:

• 70% of leaders who were surveyed stated that geopolitics has influenced their organization’s cyber security strategy

Topics: Cybersecurity, Geopolitics

---

There is a growing cyber inequity with smaller companies and countries struggling

Supporting facts:

• The number of organizations capable of minimum viable cyber resilience is down by 30% in the last year, smaller companies, and smaller countries are struggling

Topics: Cybersecurity, Economic inequality

---

Generative AI is seen as adding to the threat landscape in cyber security

Supporting facts:

• Fewer than one in 10 respondents believe that generative AI will give advantage to defenders

Topics: Cybersecurity, Artificial intelligence

---

A large number of cyber incidents were caused by third parties

Supporting facts:

• One third of organizations have suffered a material incident in the past 12 months and say it was caused by a third party.

Topics: Cybersecurity, Third parties

---

Need to include Global South in plans for resilience and building international partnerships

Supporting facts:

• The Global South was largely left to solve pandemic issues on their own

• Countries from the Global South received vaccines significantly later than Europe, America, and India

Topics: Digital Inclusion, Global South, International Partnership

---

Report

The analysis highlights several key findings regarding the relationship between cybersecurity and various factors such as geopolitics, economic inequality, artificial intelligence, and third parties. One significant point is that geopolitics has significantly influenced organizations’ cybersecurity strategies, which is seen in a negative light.

This suggests that the political climate and international relations play a crucial role in shaping cybersecurity approaches. Furthermore, a growing cyber inequity is observed, with smaller companies and countries struggling in this domain. This negative sentiment is supported by the fact that the number of organizations capable of minimum viable cyber resilience has decreased by 30% in the last year.

Smaller companies and countries are finding it particularly challenging to keep up with cybersecurity measures, leading to a sense of inequality in cyber protection. The analysis also explores the negative impact of generative artificial intelligence (AI) on the cybersecurity landscape.

It reveals that fewer than one in 10 respondents believe that generative AI will give an advantage to defenders. This finding suggests that AI, in this context, is perceived as adding to the overall threats faced in cybersecurity, rather than providing a solution.

More research and development in this area are needed to better understand and mitigate potential risks. In addition, a significant number of cyber incidents are caused by third parties. This observation highlights the importance of organizations strengthening their cybersecurity measures when collaborating with external entities.

Robust processes to vet and monitor third-party access to sensitive data and systems are crucial in minimizing the risk of cyber incidents. The analysis concludes with the urgent call for action to address the growing cyber inequity. The sentiment is neutral, indicating that while there is recognition of the issue, it is yet to be effectively resolved.

The input of 120 surveyed executives at the World Economic Forum further supports the call for urgent action to address this inequity. Additionally, the analysis emphasizes the need to include the Global South in resilience plans and international partnerships. It highlights the fact that countries from the Global South were largely left to solve pandemic issues on their own and received vaccines significantly later than Europe, America, and India.

This observation advocates for greater global inclusivity in building resilience and fostering international partnerships. Overall, this comprehensive analysis underscores the complex interplay between cybersecurity and various factors such as geopolitics, economic inequality, artificial intelligence, and third parties. It demonstrates the need for continuous vigilance, research, and cooperation to ensure robust cybersecurity strategies that are inclusive and resilient in the face of evolving threats.