A framework for Responsible and Secure Innovation
Technology brings many positive innovations and opportunities but unless it is developed with security in mind, it presents more risks and potential disruption than solutions. This report provides a framework to develop technology in a secure manner, focusing on essential principles such as privacy-by-design and security-by-design.
The great digital shift
The COVID-19 pandemic has underscored the importance of incentivizing cybersecurity in technological development. The security and privacy features in technology are more vital than ever as the majority of public and private communications and operations have shifted to the digital domain. Recent research shows that 93% of executives are willing to pay almost 25% more for more secure devices and technology.
The purpose of this insight report is to provide tools and guidance for entrepreneurs, innovators and investors to enable them to improve security features in new technologies and incorporate cybersecurity features from the get-go. We present here a number of essential cybersecurity requirements to be taken into account when developing new technology, innovation and new companies, to maximize their resilience.
Not so fast
Entrepreneurs have a twofold responsibility: to ensure that their companies and products are digitally secure and that they have a recovery plan ready to activate should hackers succeed. This is all the more important for small and medium-sized enterprises, for which a cybersecurity incident could be fatal or significantly diminish their valuation and attractiveness for investment. Today there is a serious imbalance between the time to market and the time to security. Market forces push for shiny new products and tech gadgets or applications; they care little about the security embedded in a new technology. The current trend rewards entrepreneurs who develop new products as fast as possible and market them at the earliest availability, disregarding that this creates an enormous attack surface of ever newer products filled with vulnerabilities for cyber criminals to exploit. Were entrepreneurs and innovators encouraged and incentivized to prioritize security features in their product development from the very beginning, a much safer cyber space would be incrementally possible.
Consumer behavior is changing and consumer concerns about privacy and security are growing, inevitably leading to changes in market forces. Clearly these changes must incite entrepreneurs to understand the importance of cybersecurity when launching new products, innovating and developing new entities. Investors, on the other hand, must have the tools they need to evaluate the state of cyber preparedness of their potential investments. In the building of innovative business models and technology solutions, cybersecurity is essential to protecting data, intellectual property and online transactions, and to ensuring user trust. Digital technologies are introducing new vulnerabilities faster than they can be secured and the prospect of curbing cyberattacks diminishes with each additional unsecured technology. Technologies are at increased risk because cyberattacks could cause more traditional, kinetic impacts as technology is being extended into the physical world, creating a cyber-physical system. Without security, anything connected to the internet, from a vehicle to a medical device, can be hacked and exploited, and presents a threat to an organization.
We should not forget that entrepreneurs are typically small and medium-sized enterprises (SMEs) and that SMEs represent about 90% of businesses and more than 50% of employment worldwide. Cyber-related incidents could have a dramatic impact on their survival.
More businesses are understanding that cybersecurity is an enabler of everyday operations and that its significance will only increase in the future. In terms of successful business conditions, cybersecurity is a business management challenge that requires a strategic and unified approach across all business units to ensure its most effective implementation.
4 things to know about cybersecurity
1. Cybersecurity is an enabler of the everyday operations of most businesses today and its significance will only increase in the future.
2. It is vital for the founders of and investors in a new business to commit to cybersecurity if they are to succeed in building cyber capabilities and foster a cyber-focused environment.
3. The successful future of our digital economies depends on integration of cyber essentials from the get-go of technological development.
4. Cybersecurity must be an ongoing, dynamic process, requiring regular assessment of risk and consideration of what else might be needed to reduce risk to acceptable levels and according to evolving business needs and challenges.
Cyber essentials: how to build security into tech innovation
The cyber essentials developed by the World Economic Forum and its partners consist of core cybersecurity principles and requirements to be applied when developing new companies and innovation. They represent what the Forum’s Centre for Cybersecurity and its partners consider to be the most important requirements that, if implemented, will provide a robust cybersecurity framework encompassing organizational, product and infrastructure security.
The successful future of our digital economies depends on integration of cyber essentials from the very outset of technological development. Incorporating cyber essentials in business processes and corporate culture must be a continuous process, not a once-a-year audit or compliance effort. The commitment to prioritizing cybersecurity rather than considering it as an afterthought must be firmly rooted in and throughout the corporate culture and the product and services development cycle. A detailed cybersecurity programme and strategy does not have an end goal, but rather must be adapted and adjusted on a regular basis.
The cyber essentials proposed in this report were developed by a community of stakeholders involving executives from technology companies, investment firms, credit rating agencies, entrepreneurs, academics and public-policy experts. The proposed cyber essentials are:
Organizational security: Cybersecurity culture, Cybersecurity governance, Cyber resilience
Product security: Security by design, Privacy by design
Infrastructure security: Data governance, Third party security
Readers of this report will find a detailed description of each cyber essential followed by practical steps for entrepreneurs on their implementation and guidance for investors on how to validate them. It is important to emphasize that cyber essentials need to be tailored to each organization, based on its size, nature and type of product.
A matter of survival
Technology is here to stay and flourish: there are no “digital rollback” plans. Consequently, entrepreneurs and innovators have a responsibility to respect technology as an essential component of daily life, and consumers must demand security and safety standards as they do of other essential products and services.
Everyone needs to step up: users and consumers, governments and regulators, corporations and investors. The successful future of our digital economies depends on integration of cybersecurity principles like privacy and security by design from the get-go of technology development. The cyber essentials focus on improving the security baseline across technology innovation. Over time, implementing the fundamental security and privacy features in technology will reduce the frequency, scale and success of cyberattacks and breaches, resulting in substantially more robust cybersecurity across industries and geographies. Incorporating cybersecurity in technology from the very start of its development is no longer an option; it underpins the survival and stability of our economic systems, the transparency, sustainability and trust in our communication tools. It is a matter of national and international security.
Licenced from Weforum.org