{"id":32464,"date":"2016-05-09T10:34:23","date_gmt":"2016-05-09T17:34:23","guid":{"rendered":"http:\/\/blogs.microsoft.com\/cybertrust\/?p=32464"},"modified":"2023-05-15T23:00:04","modified_gmt":"2023-05-16T06:00:04","slug":"cyber-resilience-rethinking-risk-management","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/05\/09\/cyber-resilience-rethinking-risk-management\/","title":{"rendered":"Cyber Resilience: rethinking risk management"},"content":{"rendered":"
The rapid pace of technological evolution and dramatic increases in connectivity are sparking discussion about what systemic cyber risks might look like and how best to manage them. In late April, Microsoft partnered with the World Economic Forum Council on Risk and Resilience on a workshop addressing the topics of systemic cyber risk and possible approaches to avert the dangers it poses. The interactive workshop focused on the financial services, transportation and healthcare sectors \u2013 given their importance to national economies, national security, the well-being of citizens and the potential impact of any systemic disruption.\u00a0 The event was the first step in developing a World Economic Forum report on the topic and examined the challenges of building resilience in today\u2019s rapidly evolving technology and threat environments.<\/p>\n
Diagnosing the problem<\/strong><\/p>\n In order to continue to improve resilience to systemic cybersecurity risks, we have to develop a more thorough understanding of what systemic risk really means and the role it has in some of the most important sectors of the economy. \u00a0I was fortunate to moderate our initial panel discussion, which was dedicated entirely to exploring the definitions of systemic risk and possible approaches to increasing resilience of the online ecosystems in light of those. \u00a0Panelists examined key vulnerabilities, identified single points of failure, and sought to understand the potential systemic consequences inherent in today\u2019s risk environment. Perhaps Phil Reitinger captured it best: this might be one of the \u201cyou know it when you see it\u201d categories. Ultimately, although systemic risk is inherently difficult to describe, there was widespread agreement that without a stronger definition, the term loses all meaning and importance. While a simple way to think about systemic risk is as a cyber risk that rises above the enterprise level, we have to go deeper.<\/p>\n One way to do this is through refining those key characteristics we can agree help define systemic risk, including critical functions, interconnectedness, and contagion. We first must align on what is meant by systemic risk and the threat at hand if we are to work cooperatively on what investments will be needed by enterprise and infrastructures to ensure greater cyber resilience.<\/p>\n Building better cyber resilience<\/strong><\/p>\n As we improve our understanding of systemic cyber risk, the next challenge is taking this knowledge to build better cyber resilience. While this is a complex and long-term challenge, the first step is understanding that there will be no simple technological fix. Solving this issue will require proactive efforts and the adaptability to quickly learn from mistakes. 
\u00a0Moreover, harmonization of approaches \u2013 across geographies and infrastructures \u2013 will be critical in increasing resilience. Those were the issues raised in the second panel moderated by my colleague, Angela McKay.<\/p>\n Here participants discussed two steps: incentivizing collaboration between those facing or defending against cyberattacks and improving metrics for cyber resilience. To make meaningful progress, partnerships between the private and public sectors, including at state and local levels, are essential. While those perpetrating cyberattacks frequently actively collaborate and have strong, shared incentives, that is not always the case with the defenders. The panel explored measures that could help entities of all types and sizes refine their enterprise risk management strategies and identify targeted areas for key investment. It was acknowledged that metrics that can succinctly and effectively evaluate organizations\u2019 resiliency to systemic cyber risk will go a long way in helping industry leaders and policymakers develop more rigorous cybersecurity defenses. \u00a0The conversation ended with a debate on incentives, in particular around how cultural and organizational change \u2013 rather than just technological \u2013 can be driven, and highlighted challenges related to human resources, cyber-insurance and ratings.<\/p>\n The future of cyber resilience<\/strong><\/p>\n We are just beginning to explore what should constitute effective resilience strategies. As we explored during the workshop, we have a tremendous opportunity and responsibility to work together on this topic.\u00a0 This is an issue that can\u2019t be fixed by just one company or government, but instead will require focused effort from all parties affected. 
The workshop was a tremendous opportunity to start this work \u2013 as it will take critical investment by enterprises and governments to begin to increase our collective cyber resilience.\u00a0 Microsoft was pleased to work with the World Economic Forum Council to bring key experts together and hear their perspectives and to help champion these efforts moving forward.<\/p>\n","protected":false},"excerpt":{"rendered":" The rapid pace of technological evolution and dramatic increases in connectivity are sparking discussion about what systemic cyber risks might look like and how best to manage them. In late April, Microsoft partnered with the World Economic Forum Council on Risk and Resilience on a workshop addressing the topics of systemic cyber risk and possible […]<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3659],"topic":[3681],"products":[],"threat-intelligence":[],"tags":[3753,3822],"coauthors":[1928],"class_list":["post-32464","post","type-post","status-publish","format-standard","hentry","content-type-best-practices","topic-risk-management","tag-cybersecurity-policy","tag-microsoft-security-insights"],"yoast_head":"\n