Maintaining cyber resilience across the ecosystem is a challenge for all organizations and a priority for critical infrastructure sectors such as electricity, highlights the World Economic Forum (WEF).
The COVID-19 crisis has forced everyone to become heavily reliant on the internet and its digital economy.
The WEF advises businesses to consider cyberattack from a business perspective, looking at the cyber element of operational risks to their business as they become increasingly dependent on the internet and digital channels.
In the report Cyber Resilience in the Electricity Ecosystem: Boards and Cybersecurity Officers, WEF presents advice for cyber-aware electricity industry companies’ boards of directors to begin taking action immediately on this important and growing business risk.
The report identified seven implementation categories that require pressing action at the highest strategic level:
- Oversight of enterprise cyber risk and resilience
- Organisational governance
- Risk management
- Systemic cyber resilience
- Resilience plans
- Review of organization and board performance
- Community collaboration and interdependence
WEF cautions leaders to note that these implementation categories are not listed in order of importance; rather, they each support cyberattack within electricity companies.
The report addresses two distinct audiences (board directors and corporate officers accountable for cyberattack) and offers a method for finding a common language to encourage collaboration.
Furthermore, it presents three areas for consideration:
The journey to cyber resilience — the bridge between board directors and corporate officers accountable for cyberattack focuses on translating and communicating cyber risks, incorporating them in the enterprise risk register and aligning those risks with business strategic objectives — while maintaining operational resilience as the end goal. First, this report frames the journey towards a company’s cyber resilience. The seven categories mentioned defining the ability of a company to move from a reactive to a proactive data breach posture.
Recommendations for the directors of the board — only the board of directors can instil the cultural shifts and motivate the organizational shifts that must take place to ensure data breach. The section on actions for the board offers clear and achievable steps that directors should take immediately in order to improve cyberattack of their company. This section also recognises the important role that the board plays in embedding cyber resilience in the broader industry’s ecosystem.
Recommendations for corporate officers accountable for cyberattacks — the report provides corporate officers (and other senior cybersecurity executives) accountable for cyber resilience with the tools to communicate the most relevant and salient information in an effective way to support and guide the board of directors to make better risk-informed decisions related to data breach. It also highlights opportunities for the strategic-technical collaboration necessary to managing cyberattacks.