• United States




Cybersecurity: A global threat that we can control

Feb 06, 20195 mins
CyberattacksCybercrimeData and Information Security

Protecting data and thwarting cyberattacks now have ascended alongside dealing with natural catastrophes as the most pressing threats demanding the world’s full attention.

network iot world map us globe nodes global
Credit: Getty Images

If there were any question about the critically important role that information and cyber security practitioners play in the welfare of today’s society, there is new evidence spelling it out in stark, attention-grabbing terms. 

Data fraud/theft and large-scale cyberattacks were each identified among the top five global threats in the latest edition of the World Economic Forum’s Global Risks Report. The other elements on the list: extreme weather events, failure of climate change mitigation and major natural events, such as earthquakes and tsunamis.

Think about that for a moment: protecting data and thwarting cyberattacks now have ascended alongside dealing with natural catastrophes as the most pressing threats demanding the world’s full attention.

In some ways, the cybersecurity dangers we face are similar to the other, naturally occurring disasters that occupy the top spots on the global threats risk. Just like a city or village can appear perfectly tranquil one day, only to be torn asunder the next by a raging storm or fierce earthquake, too many organizations today are lulled into a false sense of security, preoccupied by business as usual, and then are blindsided by a major cyber incident that causes business upheaval from which they may never fully recover. But unlike most of the natural disasters that cause so much damage, humans are capable of preventing much of the suffering that results from attacks on our digital world. That is a challenge the security community must commit to addressing on a global scale.

Given that backdrop, it is encouraging that the recent gathering of world leaders in Davos for the 2019 World Economic Forum included extensive discussions around cybersecurity and its rising importance in the global digital economy. As Brad Smith, president and chief legal officer at Microsoft, said in a panel discussion in Davos, “It’s all about keeping the world safe. The world depends on digital infrastructure and people depend on their digital devices, and what we’ve found is that these digital devices are under attack every single day.”

A holistic approach keeps cyber threats at bay 

Cybersecurity is a fundamental enabler of the digital economy, protecting organizational assets, contributing to business continuity, defending brand names, potentially providing a competitive advantage, and managing liabilities and risk as a whole. The failure of organizations to take sufficient action in protecting themselves and their customers from cyber threats has necessitated increasing regulatory involvement, with 2018 marked by the enforcement of the EU’s General Data Protection Regulation (GDPR) and similar policies being crafted in the US and elsewhere; Smith anticipates a large-scale federal privacy law in the US to be enacted within the next year or two.

While new regulation and the development of national cybersecurity strategies can be helpful, there is not one or two isolated steps that alone can keep us safe. Cybersecurity requires a holistic approach, taking into account people, process, technology, organizational structures, business strategies and addressing the overall business ecosystem, which nowadays is built through the interfacing of many actors. These actors increasingly work across international borders, meaning the more substantive dialogue that international leaders have, such as the conversations that took place in Davos, the more opportunity for meaningful collaborations that will drive toward real solutions. This dialogue must be ongoing and include both the public and private sectors, as well as academia and industry professional associations.

These challenges are only going to intensify in the coming years. The evolution of the cyberthreat landscape cannot be ignored, especially with the rapid proliferation of new technologies and the corresponding changes to business models. The fact that only 40 percent of respondents to ISACA’s 2018 Digital Transformation Barometer express confidence in their organization’s ability to assess the security of systems based on AI and machine learning suggest that the challenges will only escalate in the coming years as AI and other fast-developing technologies are deployed more frequently. The global public and private sectors are still far from being prepared for this reality. In particular, there is much work to be done in recognizing the need to take a risk-based approach to understanding organizational cybersecurity preparedness and in appropriately prioritizing and investing in training resources for security teams.

One of the more interesting comments at the World Economic Forum came from Troels Oerting Jorgensen, Head of Centre for Cybersecurity at the WEF, who said, “We must not sell fear but protect hope to make sure the good side of the internet is always in focus.” That is a great way to look at it, but even better than hope is confidence, and confidence must be earned by being prepared. While cybersecurity appearing so prominently among top global threats is a jarring sight for all security professionals, at least there is no ambiguity about the extent of the challenge. While there is only so much humans can do about a tsunami or prolonged drought, cybersecurity is a people-driven challenge that our collective ingenuity and resolve can go a long way toward addressing.


Experienced leader and board member, international authority in cybersecurity, with a proven track record in developing and managing strategy, programs and initiatives. Innovative thinker, with several international patents to his name, proven successful communicator and consensus builder across borders and cultures.

Chris is Director and Past Chair of the Board of ISACA, an international non-for-profit association with more than 200 Chapters, serving more than 160,000 IT, Cybersecurity, Information Security, Audit, Risk and Compliance professionals, in 180 countries. He has served ISACA as Chair of the Board for 2 consecutive terms (2015-2016 and 2016-2017) and as director of the BoD for 9 terms (2010-2014 and 2015-present).

Chris is also a Board Member at INTRALOT a leading gaming solutions supplier and operator active in 42 regulated jurisdictions around the world. Prior to his role he has served as Group CEO, Group Chief Services and Delivery Officer, Group Director of Technology Operations and Group Director of Information Security.

He has also served as a member of the Permanent Stakeholders Group (PSG) of the European Network and Information Security Agency (ENISA) from 2012 to 2015. Chris has been working in the area of information technology for 20 years, he holds 3 patents, 6 awards and has authored more than 150 publications.

He holds a degree in Electrical and Computer Engineering and a Ph.D. in Information Security.