Partnering for Cyber Resilience

Cybersecurity is a high-level item on leaders' agendas across all sectors. Businesses, governments and individuals are rapidly taking advantage of faster, cheaper digital technologies to deliver an unprecedented array of social and economic benefits. The process of digitizing and connecting, however, introduces a range of new risks.
 
The Forum aims to help leaders identify and address these emerging business and social risks so that the benefits of digitization can be pursued with confidence. The overall objective of this work is to normalize cyber risks through the development of top-level leadership awareness, understanding and action on cyber risks. While leaders are now generally aware of the risks, we can observe a wide range of maturity in terms of understanding and action across different industry sectors and regions.

Ambition
 
The overall goal of the Forum's cyber security/resilience work is to normalize cyber risks. Normalizing cyber risk means that managing those risks should not arouse fear, uncertainty and doubt, but rather that it must become business as usual for individuals, companies, and governments. Even if the landscape of cyber risks is constantly changing, the Forum aims to ensure that we have the institutional and social mechanisms and the normative basis to constantly iterate defences and resiliency measures to manage those risks.

In service of this over-arching goal, the focus for 2016 will be on empowering boards and executive teams with tools and practices to identify and manage the business risks emanating from cyber threats. By supporting resilience at the governance level, the Forum's work will encourage cyber resilience throughout the enterprise and broader society.

Background

Through a number of multistakeholder working groups the Forum community has already contributed substantially to this space. Some specific outputs have included:


  • Development of Principles & Guidelines (100+ CEO/Minister/SG level signatories across 14 industries and 23 countries), including Cyber Risk Framework and Maturity Model, further expanded here and below


  • Risk and Responsibility in a Hyperconnected World: analysis of global macro impact (up to $3 trillion/5% global GDP by 2020), future scenarios and a shared Framework for Global Collaboration


  • Towards the Quantification of Cyber Threats: innovative risk quantification model “Cyber Value-at-Risk” lays the foundation for consistent quantification within and across enterprises, potentially leading to further development of risk transfer/cyber insurance markets


  • Beyond Cybersecurity: book reviewing primary research with over 200 organizations on ‘game-changing’ actions for business and governments

Objectives

The goal of the Forum’s Cyber Resilience project is to create tools and procedures and drive organizations to implement them in order to effectively integrate cyber resilience into business strategy. Specifically, the project will aim to:


  • Identify, develop and share best practices for board and executive governance and processes

  • Identify, develop and share tools that support dialogue between boards/executive teams and operational teams

  • Develop a process for sustained dialogue between boards/executive teams and policymakers along with well-defined roles for actors in both the public and private sectors (e.g., around critical infrastructure or liability thresholds)

  • Develop a common, customizable strategic/business framework, for board and cabinet-level usage, that takes account of the different cyber risk taxonomies and approaches used in different industry sectors

  • Develop a principle-based approach to recognize and manage risk from the Internet of Things

  • Foster collaboration with the insurance industry to normalize cyber risk

  • Examine and quantify cyber risk in industry verticals, including health, automotive, and critical infrastructure