The World Economic Forum and its partners have developed a new way for organisations to calculate the impact of cyberthreats. The framework, called ‘cyber value-at-risk’ comes at a time when cyberattacks are increasing in velocity and intensity, and when 90% of companies worldwide recognise they are insufficiently prepared to protect themselves against them.
“Continuous cyberattacks on global organisations are showing that we are at a crossroads,” said Alan Marcus, Senior Director of the Information and Communication Technology Industries at the World Economic Forum. “The same technologies many organisations have become so dependent on can also threaten their very core. This is why we are launching a Future of the Internet initiative in Davos, including this critical cyber value-at-risk framework.”
The proposed framework is part of a new report, Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, which was created in collaboration with Deloitte and with the input of 50 leading organisations from around the world. The report will be discussed at a session during the World Economic Forum Annual Meeting 2015.
The purpose of the cyber value-at-risk approach is to help organisations make better decisions about investments in cybersecurity, develop comprehensive risk management strategies, and help stimulate the development of global risk transfer markets. The framework helps organisations address questions such as how vulnerable they are to cyberthreats, how valuable the key assets at stake are, and who might be targeting them.
The framework requires organisations to understand key cyber-risks and the dependencies between them. It will also help them establish how much of their value they could protect if they were victims of a data breach and for how long they can ensure their cyber protection.