SecurityScorecard Returns to the World Economic Forum’s Annual Meeting: Our Top 5 Insights
Last week, SecurityScorecard was invited back to participate in the World Economic Forum’s Annual Meeting in Davos, Switzerland. It was a tremendous honor and, once again, we were the only security ratings company present (and one of the few cybersecurity companies).
Our team spent the week with a dynamic mix of tech innovators, thought leaders, and heads of state, discussing some of the world’s most pressing political, societal, and economic challenges. This year’s theme was “Rebuilding Trust”—a very timely topic amidst geopolitical tensions, wars in Russia/Ukraine and Israel/Gaza, and increased polarization globally.
Below are our top 5 insights based on official WEF gatherings, privately-hosted SecurityScorecard events, as well as private meetings with multiple CEOs, ranking corporate executives, and world leaders.
1. AI, AI, AI
It was practically snowing AI in Davos, and attendees spent a lot of time grappling with the ethical and responsible uses of AI in everything from employment and art to tech and government. Some of the key questions being asked of AI were: is it peril or hope? Is AI regulation headed in the right direction or is it woefully inadequate?
AI is sometimes referred to as the “terminator,” but our take is that it is more like a “teenager” right now—it makes mistakes, it’s immature, and needs oversight. You wouldn’t let a teenager fly an airplane, and similarly ChatGPT can’t write a college essay. Kudos to the CSO at our partner Check Point for a clever superhero AI analogy: AI is not Superman who is all-powerful; AI is more like Batman—it is a tool that provides the power.
The WEF’s recently-released 2024 Global Cybersecurity Outlook (GCO) surveyed executives, and found that fewer than one in 10 respondents believe that in the next two years generative AI will give the advantage to defenders over attackers. The GCO also found that “emerging technology will exacerbate long-standing challenges related to cyber resilience” and will accelerate the divide between the most capable and the least capable organizations.
The rapidly evolving tech landscape also means a looming cyber inequity, and the need for greater public-private cooperation.
2. Cyber inequity a growing concern
The GCO also highlighted the growing inequity, or “have” vs. “have not” divide, between organizations that are cyber resilient and those that are not. It found that 90% of cyber leaders believe such inequity requires urgent action as more lower-revenue organizations are losing resiliency, and higher-revenue organizations are maturing.
Last week in Davos, SecurityScorecard released the first-ever Global Cyber Resilience Scorecard, confirming a similar finding that GDP and cyber risk are correlated (i.e., higher GDP means lower cyber risk). We also found that China led the world in originating cybersecurity attacks at 24%, with Russia next at 15%.
SecurityScorecard also participated in an official WEF workshop on “Cyber Insecurity” with Dorit Dor (co-founder of Check Point), Bryan Palma (CEO of Trellix), Stanley Bergman (Chairman and CEO of Henry Schein), Chris Inglis (former White House Cyber Director), Catherine De Bolle (Executive Director of Europol), and others.
3. Supply chain vulnerabilities
It’s no surprise that supply chain resilience is one of the biggest challenges in cybersecurity—in fact, our research has shown that 98% of organizations have a relationship with at least one third-party that has experienced a breach in the last two years.
There is also growing concern about an over-digitization of cyber tools, and certainly of AI tools as well (one commentator remarked that there are 8,000 cyber tools and that it would take over 21 years to fully demo the landscape).
It’s estimated that 54% of organizations have an insufficient understanding of cyber vulnerabilities in their supply chain. Even 64% of executives who believe that their organization’s cyber resilience meets its minimum requirements to operate say they still have an inadequate understanding of their supply-chain cyber vulnerabilities.
Supply chain, however, extends beyond cybersecurity and still presents efficiency-related challenges for companies in global trade, manufacturing, logistics, and transportation sectors.
4. Elections and geopolitical risk
Forty countries are holding national elections in 2024, representing nearly half the world’s population (a combined 4.2 billion people). Consequently, democratic leaders are worried about the threats of fascism, nationalism, disinformation, and a number of other risks for democratic and free societies. The U.S. presidential election in November of this year is a primary focus, along with U.S. macroeconomic conditions such as expected rate cuts. At the same time, uncertainty continues in the relations and growing tensions between China and Taiwan.
For these reasons and more, CEOs are keeping a close eye on geopolitics, especially with the war in Israel, the Red Sea and the Suez Canal, and the disruption to some supply chains. Additionally, continuing concerns around the war in Ukraine and the continuing impacts on energy security and food security remain top of mind for all world leaders.
5. Regulations and critical infrastructure
Sixty percent of executives agree that cyber and privacy regulations effectively reduce risk in their organization’s ecosystem, up 21% since 2022. Regulators are particularly focused on critical infrastructure, which is an attractive target for cybercriminals. In Davos, we spoke on a private panel hosted by the Cybersecurity Future Foundation with the president of Healthcare-ISAC. On that note, SecurityScorecard recently became the cybersecurity partner to Canada to help that country with its critical infrastructure.
Over the course of the week, multiple CEOs expressed heightened expectations from their regulators, particularly regarding disclosures beyond simply notifications of breaches and other basic or baseline requirements.
Whether or not AI should be regulated is a major point of debate as well, and even those in favor of regulation still have questions on how exactly this should be done. Some experts are concerned that restrictive regulation of AI at its origin could stifle innovation and development. The biggest challenge in complying with regulations, at least for cybersecurity, as identified by the WEF’s 2024 report, was “too many or conflicting” regulations across countries.
Rebuilding trust
At a time of increased polarization, the World Economic Forum’s Annual Meeting serves as a valuable reminder of the importance of dialogue, cooperation, and partnership. The theme of this year’s meeting was “Rebuilding Trust,” and SecurityScorecard used our time there to make meaningful connections with policymakers and business leaders to enhance resilience and trust among global stakeholders. We look forward to continuing these critical conversations, and thank the Forum for hosting us.