What we learned from the World Economic Forum Global Cybersecurity Outlook 2024

by Suid Adeyanju

Between ongoing economic hardship, geopolitical instability, increasingly sophisticated threats and a talent shortage that’s leaving key roles unfilled, the cybersecurity landscape is rife with uncertainty.

This growing complexity can make the ultimate goal of cybersecurity—protecting our most valuable digital assets—seem even more challenging to achieve.

With multiple issues to tackle, creating a governance strategy that mitigates the evolving cyber risks we face today is no easy feat. So how can cybersecurity leaders prioritise their response and adequately defend their organisations?

Recently, the World Economic Forum released its 2024 Global Cybersecurity Outlook report. The report outlines the emerging cybersecurity trends that will have the biggest impact on global economies and communities in the coming year.

Let’s take a look at some of the report’s key findings to find out what we’re up against, and how we can prepare for it.

There’s growing inequality in cyber resilience

Though awareness of cyber threats is on the rise, it appears not every organisation has the means to defend against them.

A cyber resilience chasm is forming between organisations that are able to build cyber resilience and those that aren’t. Investment in cybersecurity is exploding, growing four times faster than the world economy in 2023. However, the benefits of that investment are not being distributed equally, with less developed nations, sectors, and communities being left behind. This inequality is creating a pronounced disparity that threatens the integrity of their ecosystems.

The cost of adequate cyber services, solutions, and talent, as well as the early adoption of cutting-edge technology by large organisations, are two of the key factors creating the divide. The advantages enjoyed by larger organisations with deeper pockets are clear, with the highest-revenue organisations being 22% more confident than their smallest peers that their cyber resilience exceeds their needs.

And this gap between the cyber haves and have-nots is becoming so severe that a growing number of organisations are now unable to maintain the minimum security standards required to protect themselves.

The healthy middle grouping of organisations able to maintain minimum viable cyber resilience is disappearing, with businesses reporting minimum viable levels of cyber resilience down 31% since 2022.

The report calls for a systemic solution to address the rising inequality in cyber resilience that’s leaving countless organisations and entire countries at risk, especially given the interwoven nature of the digital ecosystem.

No organisation is a digital island, and because of these connections, this disparity threatens to impact even the most cyber-resilient businesses. Today’s cyber supply chains are complex and wide-ranging, connecting many organisations with third parties that may not have the same levels of cyber resiliency. In fact, a massive 98% of organisations have connections with at least one business that has experienced a breach in the last two years.

And emerging technology isn’t helping

The rise of emerging technologies is doing nothing to help close this gap in cyber resilience, with the most innovative solutions currently available only to businesses that have the capital, talent, and knowledge needed to utilise them. Among the lowest-revenue organisations, the lack of sufficient cyber resilience is up 32% since 2022.

But it’s not just costs that are proving prohibitive. There’s also a lack of understanding about cybersecurity solutions among smaller, less wealthy organisations that’s proving problematic. As Rotem Iram, Chief Executive Officer of At-Bay, put it: “Security solutions are becoming too sophisticated, to the point where many SMEs struggle to operate them, let alone afford them.”

As so many organisations struggle to access and harness emerging technologies to strengthen their security posture, there’s also massive concern around how these technologies are being used by those on the other side of the cyber war.

Currently, many in the industry believe that new technologies like generative AI will give attackers an advantage. More than 90% of those surveyed for the report are of the opinion that bad actors will be faster to take advantage of these opportunities, particularly across areas of risk like deepfakes, disinformation, and targeted advertising.

The cyber talent shortage is worsening

Here’s a finding that won’t surprise you: the cyber skills shortage continues to plague our industry, with creative actions desperately needed to address the problem.

In this year’s report, 78% of respondents reported that their organisations do not have the in-house skills to fully achieve their cybersecurity objectives.

In need of cyber skills and faced with a tight talent market, many organisations are turning to upskilling to close their skills gaps. Forty-one percent of respondents reported having used this method, compared to 33% looking to hire externally.

And employees are clearly up for the challenge, with 70% of employees open to returning to college or earning a certification that would enable them to perform in a cybersecurity role if it was funded by their employers.

Greater integration among businesses is increasing risk

Establishing digital connections between organisations is fantastic for productivity. Supply chains become more efficient, and information is shared more effectively to help all parties accomplish their objectives faster.

But all these new connections create additional vulnerabilities, opening up countless new endpoints that can be targeted by cyber attackers.

Understanding the cyber risk coming from their own supply chains and third-party relationships is a major factor in building cyber resilience for organisations of all sizes. As the report states, no organisation can be truly resilient if the partners on whom it relies are fragile.

In our eagerness to drive better outcomes by collaborating more closely with third parties, we introduce massive amounts of risk to the cyber ecosystem. In many cases, that risk is not being sufficiently mitigated, and organisations know it. Only 23% of leaders say they’re optimistic that industry and ecosystem collaboration will significantly improve in the next two years.

Third-party relationships are both an asset and a hindrance. If any organisation is going to thrive in this hyper-connected and risk-filled world, due diligence must be carried out to closely examine the resilience of partners and third parties.

The good news: Cyber and business are becoming more aligned

This report cements the challenges organisations face to build and maintain cyber resilience in the face of talent shortages, increasingly complex technologies, and growing inequality that threatens even the most well-protected among us.

“The struggle to maintain high-quality—or even adequate—cyber-resilience capability is fast becoming a zero-sum game,” concludes the report, sounding the alarm on the widespread effects of cyber resilience inequity.

Clearly, we all have a responsibility to change the current trajectory and bolster systemic resilience, generating the kind of rising tide that will lift all our boats.

And there is some good news on that front. The report found that the percentage of business executives expressing concern about the level of cyber resilience in their businesses has increased. This encouraging statistic could be due to a growing understanding of cyber risk, and the potential impact that an attack can have, among business leaders. Fortunately, it seems that understanding is informing governance, with 65% of cyber leaders and 57% of business leaders stating that cyber resilience is integrated into their risk management.

Consciousness of cyber resilience is also flourishing at the top of the org chart. CEOs are more aware of cyber risk than ever, with almost three-quarters of CEOs reporting concern about their company’s ability to avoid or at least minimise damage from a cyberattack.

And given the importance of taking an organisation-wide approach to building cyber resilience, that kind of cognizance can only be a good thing.

Six steps to boost cyber resilience

Building robust cyber resilience is tougher than ever in today’s complex threat landscape. If you’re not sure where to start, check out these six consensus-based principles that the WEF recommends to help govern cyber risk.

  • Embed cybersecurity as a strategic business enabler
  • Establish and maintain core security fundamentals
  • Understand economic drivers and the impact of cyber risk
  • Incorporate cyber-resilience governance into business strategy
  • Align cyber-risk management with business needs
  • Ensure organisational design supports cybersecurity

Reduce your cyber risk in 2024 with RiverSafe

RiverSafe provides perspective and insight into the status of your security infrastructure, creating a unified solution that puts you in control. Supported by advanced technology, a robust implementation model and team training, RiverSafe ensures your business is secure, informed and future-proofed.

Get in touch to arrange a cyber security consultation with our team.
