Global Cybersecurity Outlook 2022

INSIGHT REPORT
JANUARY 2022

In collaboration with Accenture

Contents

Preface
Foreword
Executive Summary
1 Surveying the Landscape
1.1 A new generation of breaches
1.2 The transition to cyber resilience
2 Bridging the Gap: Cyber and business
2.1 Prioritizing cybersecurity in business decisions
2.2 Gaining leadership support
2.3 Recruiting and retaining talent
2.4 Action: the importance of partnerships
3 Securing the Ecosystem
3.1 Ecosystem vulnerability
3.2 The importance of resilience
3.3 Success through transparency and trust
4 Conclusion
Appendix: Methodology
Acknowledgements
Contributors
Endnotes

Cover: Quardia/Gettyimages

Disclaimer

This document is published by the World Economic Forum as a contribution to a project, insight area or interaction. The findings, interpretations and conclusions expressed herein are a result of a collaborative process facilitated and endorsed by the World Economic Forum but whose results do not necessarily represent the views of the World Economic Forum, nor the entirety of its Members, Partners or other stakeholders.

© 2022 World Economic Forum. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying and recording, or by any information storage and retrieval system.

Preface

As human behaviour and interaction continue to be shaped by increasingly ubiquitous technologies, organizations must continuously adapt their capabilities to deal with and prevent malicious actors from taking advantage of the shifting technological landscape. Cybersecurity must be prioritized in all domains of society and the economy if we are to unlock the true potential of the digital economy.
Cybersecurity is not a separate technology but rather a foundational set of systems spanning technology, people and processes for the Fourth Industrial Revolution.

The accelerated shift to remote working during the COVID-19 pandemic coupled with recent high-profile cyberattacks have resulted in bringing cybersecurity top of mind among key decision-makers in organizations and nations. Despite the growing cognizance of cyber risks, decision-makers and cyber experts are often not on the same page in terms of prioritizing cybersecurity, integrating cyber risk into business strategy and integrating cyber leaders into business processes. Much still needs to be done to arrive at a shared understanding of how to strengthen cyber resilience.

Building cyber resilience is a core focus of the World Economic Forum Centre for Cybersecurity. We bridge the gap between cybersecurity experts and decision-makers at the highest levels to reinforce the vital importance of cybersecurity as a key strategic priority.

In 2021, the Centre engaged over 120 global cyber leaders to generate high-level insights on emerging cyber threats. Taking the global pulse on the state of cybersecurity is essential to clearly identifying the emerging risks and developing actionable solutions to address them. The aim of this report is to provide an in-depth analysis of the challenges that security leaders are dealing with, the approaches they are taking to stay ahead of cybercriminals and the measures they are implementing to enhance cyber resilience not only within their organizations but also within the wider ecosystem.

Cyberspace transcends borders. We therefore need to mobilize a global response to address systemic cybersecurity challenges. We hope the insights in this report will serve to foster collaborative approaches to building cyber-resilient ecosystems.

Jeremy Jurgens
Managing Director
World Economic Forum

Foreword

The Global Cybersecurity Outlook will be an annual report highlighting the trends and progression as organizations begin to shift from a cyber-defensive posture to a stronger cyber-resilience position. As our cyber ecosystems expand and integrate, it is becoming more important to ensure all organizations can anticipate, recover and adapt quickly to cyber incidents. Security-focused leaders must be able to communicate their risk and mitigation strategies
effectively and clearly to business leaders. We surveyed 120 global cyber leaders from 20 countries across the World Economic Forum Cybersecurity Leadership Community and the Accenture Cybersecurity Forum, to gain a global perspective on how cyber resilience is being perceived and implemented, and how they can better secure our ecosystems, together. To build an ecosystem resilient enough to withstand and not falter in today's environment will need a unified approach.

As identified in our survey and workshops, leadership support is critical to adopting cyber resilience within an organization. Also identified, and equally important, is ensuring there are no communication or coordination gaps between cybersecurity and business leaders. Given that technologies are constantly shifting and evolving at a rapid pace, spurred by machine learning and automation advancements, combined with increasingly capable and affordable hacking resources available to cybercriminals, leaders must be united and synchronized in their cyber resilience initiatives.

In partnership with the World Economic Forum Centre for Cybersecurity, it is our goal to provide insights and solutions to build stronger ecosystems
from which organizations can benefit, learn from and move into this highly connected and digital future with confidence.

Kelly Bissell
Global Lead, Accenture Security, Accenture

Executive Summary

At the time of writing, digital trends and their exponential proliferation due to the COVID-19 pandemic have thrust the global population onto a new trajectory of digitalization and interconnectedness. One of the starkest and most troubling new consequences of our digitalized existence is the increasingly frequent, costly and damaging occurrence of cyber incidents, sometimes even paralyzing critical services and infrastructure. This trend shows no signs of slowing, notably as sophisticated tools and methods become more widely available to threat actors at relatively low (or in some cases no) cost.

Signs of increasing digitalization are everywhere. The International Telecommunication Union recently reported that fixed broadband access has increased significantly on all continents as a direct result of teleworking, distance learning, remote entertainment and telemedicine.[1] Most technologically advanced countries prioritized the expansion of digital consumer tools, fostering digital entrepreneurial ventures and investing in innovation across universities, businesses and digital authorities,[2] whereas emerging economies prioritized increasing mobile internet access, training digital talent and generating investment in R&D and digital enterprises. This begs a question: How will smaller and less powerful countries protect themselves and their natural resources if they are not able to protect their digitally connected infrastructure? The cybersecurity poverty line question becomes even more pressing in the ever-increasing surge of connectivity.[3]

Considering these ongoing cyber challenges, the World Economic Forum Centre for Cybersecurity engaged the Cybersecurity Leadership Community consisting of 120 cyber leaders who are senior-most executives from private and public sectors representing 20 countries. The focus of the Centre for Cybersecurity's work was to gather data via a Cyber Outlook Survey and the Cyber Outlook Series (see Appendix) and analyse it to understand cyber leaders' perceptions, and the trajectory of cybersecurity and cyber resilience. The results of the analysis shed light on valuable insights about the state of cyber and perceptions about the current path of cyber resilience.

Key findings include:

1. While many factors are driving cybersecurity policies forward, we identified through our survey that 81% of respondents believe that digital transformation is the main driver in improving cyber resilience. The accelerating pace of digitalization due to the COVID-19 pandemic and the shift of our working habits is pushing cyber resilience forward. As many as 87% of executives are planning to improve cyber resilience at their organization by strengthening resilience policies, processes and standards for how to engage and manage third parties.

2. Our research revealed three main and critical perception gaps between security-focused executives (chief information security officers), and business executives (chief executive officers). The gaps are the most visible in three areas:

2.1 Prioritizing cyber in business decisions; while 92% of business executives surveyed agree that cyber resilience is integrated into enterprise risk-management strategies, only 55% of security-focused leaders surveyed agree with the statement.

2.2 Gaining leadership support for cybersecurity; 84% of respondents share that cyber resilience is considered a business priority in their organization with support and direction from leadership, but a significantly smaller proportion (68%) see cyber resilience as a major part of their overall risk management. Due to this misalignment, many security leaders still express that they are not consulted in business decisions which results in less secure decisions and security issues. This gap between leaders can leave firms vulnerable to attacks as a direct result of incongruous security priorities and policies.

2.3 Recruiting and retaining cybersecurity talent; our survey found that 59% of all
respondents would find it challenging to respond to a cybersecurity incident due to the shortage of skills within their team. While the majority of respondents ranked talent recruitment and retention as their most challenging aspect, business executives appear less acutely aware of the gaps than their security-focused executives, who perceive their ability to respond to an attack with adequate personnel as one of their main vulnerabilities.

3. The threat of ransomware continues to grow. As many as 80% of cyber leaders stressed that ransomware is a dangerous and evolving threat to public safety. The survey confirmed that ransomware attacks are at the forefront of cyber leaders' minds, with 50% of respondents indicating that ransomware is one of their greatest concerns when it comes to cyber threats. Ransomware attacks are increasing in frequency and sophistication, and this ever-present threat is keeping cyber leaders up at night. Ransomware attacks are followed by social-engineering attacks as the second-highest concern for cyber leaders; number three on this list is malicious insider activity. A malicious insider is defined as an organization's current or former employees, contractors or trusted business partners who misuse their authorized access to critical assets in a manner that negatively affects the organization.

4. Small and medium-sized enterprises (SMEs) are seen as a key threat to supply chains, partner networks and ecosystems. In our research, 88% of respondents indicate that they are concerned about cyber resilience of SMEs in their ecosystem.

5. Cyber leaders have indicated that clear and productive regulations are needed, that would allow and encourage information sharing and collaboration. The value of partnerships is proven; over 90% of respondents report receiving actionable insights from external information-sharing groups and/or partners.

This report uses a retrospective analysis of recent years to share the knowledge and concerns of cyber leaders with
one goal: helping decision-makers prepare for the next generation of cyberattacks.

“Throughout the past year, we have received stark reminders that malicious cyber activity threatens our national and economic security and impacts the daily lives of individuals, communities and organizations around the world. The World Economic Forum's Global Cybersecurity Outlook 2022 helps leaders understand the evolving threats we face and develop concrete solutions to enhance their own security and increase cybersecurity resilience worldwide.”
Alejandro N. Mayorkas, Secretary, US Department of Homeland Security, USA

“Looking ahead to 2022-2023, cybersecurity must be seen as a strategic business issue that impacts decision-making. To mitigate risks like ransomware and social engineering, organizations must ask not simply how they are protected, but how well, with an eye to strength, sophistication and efficacy.”
Nancy Luquette, EVP, Chief Risk and Compliance Officer, S&P Global, USA

“The rise of supply chain threats and escalating ransomware attacks are the most pressing cyber challenges the international community needs to address. Business leaders must consider cybersecurity as a risk management issue and balance the trade-offs between security, usability and cost at the Board or C-suite level.”
David Koh, Commissioner of Cybersecurity and Chief Executive, Cyber Security Agency (CSA), Singapore

“The well-being of every person, organization and country depends on the application and security of digital technologies. If introduced and developed in a secure manner, they can bring stability, prosperity and would significantly raise the quality of life. However, if security is not prioritized, they can be the root cause of various kinds of problems. This is true of all progress, so our goal is not to shy away from it but to apply new technologies with security in mind and take the global community to fantastic new heights.”
Stanislav Kuznetsov, Deputy Chairman of the Executive Board, Sberbank, Russian Federation

FIGURE 1 Global Cybersecurity Outlook 2022: Highlights

Cyber leaders say cyber resilience and cybersecurity are synonymous with the differences not well understood: 59%

Not confident in cyber resilience: 2%
Concerned about cyber resilience practices: 7%
Perform cyber resilience practices with some inefficiencies: 74%
Confident in cyber resilience: 17%

Over 90% of cyber leaders who say cybersecurity and cyber resilience are synonymous also believe they are resilient

“Cyber resilience in my organization is integrated into enterprise risk management”
27%: Security-focused executives disagree with this statement
0%: Business executives disagree with this statement

Organizations affected by a third-party cyber incident in the past two years
55%: Have not been affected
39%: Have been affected
6%: Do not know

Third-party cyber incidents reduce respondent confidence in their organization's resilience
[Bar chart. Series: Respondents with a third-party cyber incident in the last two years; Respondents without a third-party cyber incident in the last two years. Categories: Not confident; Concerned about cyber resilience; Confident about cyber resilience.]
Respondent confidence in their organization's cyber r