You could produce a bible-length dossier on cybersecurity. Indeed, HFS’ State of Cybersecurity survey in 2018 found that it’s on everyone’s radar, but that there is also a damning lack of skills, too much suspicion, and a race for enterprises to do the very basics and benchmark themselves. What must happen now starts with the enterprise side: security leaders cannot wait any longer for the good intentions of policymakers to dictate their strategies to them. Bridge the gap between policy, academia, vendors, service providers, and society, and do it quickly.

Cybersecurity’s threat and damage are becoming increasingly stark

There’s not a company out there without security on the radar, although maybe a few firms in Exhibit 1 should make it a higher priority.

Exhibit 1: Cybersecurity is on every enterprise’s radar

 Do you believe cybersecurity is one of your C-suite management team’s top three priorities?

Source: HFS Research, State of Cybersecurity, 2018, N=300

Also, in 2018, a majority of enterprises told us they experienced or expected external (72%) or internal (62%) cybersecurity attacks. The WannaCry ransomware attack is a prime example of the potential damage; it disrupted a third of the UK’s NHS trusts, postponed thousands of operations and almost 20,000 appointments, and cost them £100 million.

Security leaders face a challenge. Criminals have the upper hand; there is no bureaucracy, and they can work across borders with sophisticated tools available at low cost on the dark web. The threat is ever-increasing; the internet of things’ (IoT) ballooning growth with poor, undefined security standards is the starkest example. McKinsey predicts that IoT coverage will expand 15% to 20% through 2020, and more beyond that, generating US$11.1 trillion each year by 2025.

Collaboration must be an essential element of all cybersecurity strategies—whether in research, business, the arts, or humanities

At the University of Cambridge Centre for Science and Policy (CSaP) Annual Conference,  Dr. Tristram Riley-Smith from the Partnership for Conflict called for re-strategizing, clearer direction, and further investment to come out of UK government’s cybersecurity initiatives; £100m has been invested across policing units and accelerator programs, among numerous other projects.

Research is an example of the power of collaborative ecosystems; mathematicians can support big data challenges, while engineers and technologists can develop better tools for cyber-defense and investigation. Social and behavioral sciences must also play their part: How do attackers think, learn, and deploy? It’s hard for organizational behemoths to move at the same pace as cybercriminals. Enterprises must understand their own vulnerabilities and raise the same level of awareness throughout their ecosystems and beyond, making up for the dire lack of skills we see in Exhibit 2.

Exhibit 2: The lack of skills is a huge issue for cybersecurity, so why not collaborate and make use of the expertise that’s out there?

What are your objections to making further investment in information security?

Source: HFS Research, State of Cybersecurity, 2018, N=300

There is an interesting link between Exhibits 1 and 2. Most enterprises have made cybersecurity a top 3 initiative, but the second-most common obstacle to investment is the lack of management support. So, they have highlighted it, but they still underinvest in it, in part because of the disconnect between security leaders and the board, which is laid bare in parallel HFS research.

Helen Evans, Head of Cyber Crime at the UK Government Home Office, cited the falling barriers to entry for cybercriminals. They don’t need to code or know coders, and they can even rent “malware-as-a-service.” Deploying solutions is a massive challenge. Evans cited the UK government’s desire to work with external leaders and set standards of “Secure by Design” fueled by collaboration. Many enterprises, however, remain hesitant to expand their cybersecurity partnership, for reasons that Exhibit 3 shows.

Exhibit 3: People are still too suspicious…

 What’s preventing you from using additional security services?

Source: HFS Research, State of Cybersecurity, 2018, N=300

Massive cyber-landscapes require complex cybersecurity arrangements and a multi-stakeholder approach; the Olympics is a prime example

Dr. Giamarco Persi Paoli from RAND Europe paid special attention to the Olympics’ increasingly massive digital footprint: Imagine a cloned news site reporting that an American superstar was banned for drug use. Just how many clicks might that lead to?

The Olympics, like most modern business, happens globally—where security, and especially cybersecurity, standards differ dramatically. No one owns cybersecurity; it’s everyone’s problem: the media, the public, and private stakeholders. Exhibit 4 paints just how concerning globalization is to executives when considering security.

Exhibit 4: Globalization is a substantial concern for businesses’ cybersecurity, so why not partner?

How important to the following business goals is your ability to properly secure your data?

Source: HFS Research, State of Cybersecurity, 2018, N=300

London’s 2012 Olympics was the first Olympics held during the full-blown smartphone era. Despite their cybersecurity success, fears were not unjustified that, for example, an attack on the opening ceremony would have a catastrophic reputational and financial cost. The market was predicted to react disastrously to an un-cyber-secured opening ceremony, resulting in a loss of faith in the Olympics and the whole UK. Cybersecurity is an issue for entire ecosystems and every ecosystem surrounding them.

Atos is one of the main partners driving the Olympics’ digital transformation. Tokyo 2020 will keep pushing the boundaries as “emerging” technology becomes ever-more mainstream; for example, 5G for mobile streaming, facial recognition, or virtual reality (VR). Patrick Adiba, CEO of North America Operations and Olympics & Major Events at Atos, cites the safety requirements of this transformation and finding the right balance with innovation. Atos has led partnerships with the Olympic Games’ committee, fans, and athletes, while also working across talent pools of consulting, IT services, AI-expertise, and more… with emphasis on university partnerships. Alibaba is another partner, beginning in 2018’s Winter Olympics, with a current partnership in place until 2028 to “revolutionize the experience for spectators.”

The Bottom Line: As enterprises seek to benchmark rapidly, security leaders must bring together stakeholders to identify their responsibilities and capabilities: sharing information, setting common security goals, and building a network-wide translator capacity.

Exhibit 5 displays the rush for cybersecurity throughout enterprises as they desperately try to benchmark, act now, and plan for the future.

Exhibit 5: Just look at how many enterprises are getting themselves benchmarked!

In the last 12 months, which, if any, of the following external services have you approached a provider for?

Source: HFS Research, State of Cybersecurity, 2018, N=300

Multi-stakeholder approaches allow leaders to bring the latest knowledge from an entire industry into the system and solution, but they also need to speak the same language—cue a “translator capacity.” Cybersecurity leaders must be the ones to build the required competency within their ecosystems. In the public sector, CSaP’s conference underlined the UK government’s desire to collaborate with business, academia, and beyond, but if enterprise leaders don’t forge bridges, cybersecurity experts will end up being dictated to by (relatively) cyber-illiterate policymakers. It won’t matter how good their intentions are.