It is a hard truth that it is State action which is most likely to cause catastrophic damage to critical national infrastructure and thus to wider business.
A noticeable difference at this year’s Davos, apart from the absence of the shutdown American Government contingent and of European leaders kept home by populism, is an emphasis on practical business resilience in the face of the many current uncertainties and its implication for how to be a responsible business.
The myriad Davos sessions and billboards on artificial intelligence, robotics, blockchain (I wish I had a Swiss Frank for each of those) and automation only make sense if the networked technologies underneath them function reliably.
One much cited example of work on this resilience agenda is the World Economic Forum’s own center for cyber security, announced in years past but increasingly made real through the development of a skilled team. A driver for this effort is WEF’s own account of the top ten global risks for business on the basis of a poll of business leaders where the fourth global risk is seen as cyber-crime/fraud and the fifth is cyber attacks. In summary it is to foster global governance, stimulate work against cyber crime, facilitate global cyber crisis management, anticipate threats and risks, and develop the required global workforce.
This is commendable but risks only addressing part of the problem. The World Economic Forum as an organization and its attendees as a community will find it easy to agree on the commodity criminal threat which afflicts all businesses. Agreeing how to counter the action of States is more problematic for WEF as it strives to avoid taking sides (not least because those sides are present). It is a hard truth that it is State action which is most likely to cause catastrophic damage to critical national infrastructure and thus to wider business. A Davos discussion of data sharing in order to reduce harm from cyber events was high on aspiration but low on the practicalities of how this sharing might be made real given the lack of trust. If there was discussion of how business might call States out in order to change their behaviours it was muted.
The resilience theme spread significantly beyond the purely operational to the reputational. There were a number of fringe events on how to be a responsible business in the digital age with a focus on the future of work, the carbon footprint of online services and protecting the vulnerable from being exploited online. For me the strongest of these made the connection to cyber security where, if a service which is material to the well-being of the client or wider society is to be delivered online, it must be secure in an enduring way: secure by default.