The World Economic Forum released its Global Cyber Security Outlook for 2024 earlier this year. In a review of a Toronto IT support company, the report focuses on SMEs being on the negative end of cyber inequity. Below is a further discussion of this.
The World Economic Forum is a non-profit international organization for public-private cooperation. It is an organization that “strives to demonstrate entrepreneurship in the global public interest while upholding the highest standards of governance.” Its Global Cyber Security Outlook dissects trends in cybersecurity which may affect economies and societies in the coming year. Aside from cyber inequity across different levels of business, the January 2024 Outlook also discussed the impact of rising technologies. It is also worth noting that priorities are now shifting from protection to resiliency, meaning the ability of businesses to bounce back, adapt and respond in the event of a cyber-attack.
The report was based on 199 participants from 49 different countries who completed a 23-question survey. It also includes qualitative data gathered from one-on-one interviews, a workshop and a 2-question poll of the forum audience.
The January 2024 report primarily focuses on the inequity in the cyber resilience of businesses across industries. It mentions that the cybersecurity economy grew faster than the overall global economy in 2022. Pushing further, it grew four times faster in 2023. However, despite this exponential growth, organizations have experienced that growth in diverse ways.
The number of businesses with a minimum level of cyber resilience has significantly decreased by 30 percent. Among these organizations, Small and Medium Enterprises (SMEs) are significantly affected. And while large companies have increased their cyber resiliency, many SMEs say that they do not have enough cyber resilience to even cover critical operational requirements.
Upon closer inspection of a Toronto IT support company, several factors have been mentioned as to why SMEs are unable to keep up with the cyber resiliency trend. The reasons are mostly cost related: SMEs do not have access to the tools, talent and/or IT management service providers needed to keep even a minimum level of cyber resiliency in case of an attack. On the flip side, the divide is further widened as larger corporations are able to get their hands on cutting-edge technologies first. With SMEs falling behind, the fragile integrity of the cybersecurity ecosystem is further threatened.
Generally, the cybersecurity professional pool is too small compared to rising demand. This is worsened by the fact that the supply of new talent is also drying up. Among this year’s respondents, 38% say that lack of skills is the main issue in achieving their goal of cyber resiliency, and 78% report that their organization does not have the in-house talent to hit its cybersecurity objectives. SMEs are at a disadvantage, as access to the right talent to fill their needs is elusive. Even with access, they still cannot compete against larger companies that offer more to get these professionals into their camp.
In an attempt to answer the issue of the skills gap, companies turn inward. As many as 41% of these companies look into identifying employees who can upskill to fill the position. Over 91% of these businesses are willing to pay for additional courses, training and certification in cybersecurity for their existing staff. However, given that most cybersecurity roles and positions still require a university degree, only 9% of businesses are willing or can afford to take this route.
Businesses always look at cost as a major part of decisions. Cyber and business leaders acknowledge that the second most critical issue in keeping up with cyber resiliency is cost. Businesses usually upgrade their systems’ hardware and software at a slow pace, if at all, which affects the speed of introducing new tools and technologies.
Along the same lines, business leaders are hesitant to invest more in cyber resiliency tools because they believe that the cost of the risk is less than the investment cost.
Lastly, another factor in cyber resiliency mentioned is cyber insurance. SMEs with 250 employees or fewer are the least likely to spend on cyber insurance. The reason is mostly cost-related, given that policy prices are increasing greatly.
The cyber ecosystem is interconnected, given its nature and how it affects the supply chain. A 2023 report from SecurityScorecard and the Cyentia Institute states that 98% of businesses have a relationship with at least one third-party company that has experienced a cybersecurity attack in the past couple of years. This means both large corporations and SMEs are in danger should this cyber inequity persist.
Cultivation of best practices is the first step for SMEs in becoming cyber resilient. This involves training and educating employees on current trends in cyber-attacks so that they know what to watch out for. Keeping software updated, using safe passwords and using multi-factor authentication are also basic security protocols that must be followed diligently by all staff involved.
Adopting the Zero Trust-Always Verify approach is also a must. Make sure to have a company protocol that involves added phone, video or in-person verification and not just emails. This is particularly important for matters like invoice payment or sharing sensitive business information.
Compliance with the rules and regulations set by your government also plays a crucial role in the fight for cybersecurity and your business’s cyber resilience. This includes reviewing your cybersecurity protocol and reporting incidents in a timely manner as they occur.
In response to the lack of cybersecurity talent in your company, you can get help from cybersecurity and IT management professionals. They can look after training for your staff, as well as review your systems for updates and other loopholes that can be fixed. They can also recommend additional security measures within your company’s budget. Look for cybersecurity providers who specialize in Business Continuity and Disaster Recovery to bump up your company’s cyber resilience.
The cybersecurity ecosystem as a whole is a fragile system. It affects all businesses, large or small, in more ways than expected. Even larger companies with more than sufficient cyber resilience systems can be made vulnerable when a smaller third-party business in their supply chain is attacked. It is therefore important that every part of the ecosystem meets at least the minimum level of cyber resiliency. Even SMEs can still do their part despite limitations, but they do need pointing in the right direction.
Resources:
https://www.weforum.org/about/world-economic-forum/
https://www3.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2024.pdf
https://www.forbes.com/sites/bernardmarr/2023/10/11/the-10-biggest-cyber-security-trends-in-2024-everyone-must-be-ready-for-now/?sh=470a973f5f13