“Cyber WHO” needed to strengthen world’s inadequate cyber governance framework

“Cyber WHO” needed to strengthen world’s inadequate cyber governance framework

“Cyber WHO” needed to strengthen world’s inadequate cyber governance framework

The FINANCIAL -- A new report on cyber governance commissioned by Zurich Insurance Group highlights challenges to digital security and identifies new opportunities for business. It calls for the establishment of guiding principles to build resilience and the establishment of supranational governance bodies such as a Cyber Stability Board and a “Cyber WHO”.

Zurich Insurance Group (“Zurich”) and ESADE Center for Global Economy and Geopolitics (“ESADEgeo”), one of the leading authorities on global governance, on April 28 published a report, “Global Cyber Governance: Preparing for New Business Risks”, that proposes new measures to strengthen the global governance framework for managing evolving cyber risks.

The report observes that while emerging technologies such as drones, 3-D printing and self-driving cars are fundamentally changing the nature of cyber risk, the current regulation and governance regimes in place globally are inadequate to ensure the security of the world’s cyber infrastructure.

“The existing governance framework from the 20th century cannot be expected to respond sufficiently to 21st century technology,” Zurich’s Chief Risk Officer Axel Lehmann said. “We live in a world full of opportunities, but also risks. There is no better example of this than the relationship between information and communications technologies and cybersecurity. The cyber realm underpins almost all economic and societal activity – from finance to trade, information, energy and beyond.”

Geopolitical and ideological tensions between states, the report points out, are increasingly played out in cyberspace – including over matters of governance. “Growing political instability could be exploited by some governments aiming to reduce capabilities and scope of some technical institutions that provide stability and resilience to cyberspace, thus undermining its multi-stakeholder approach” said Javier Solana, President of ESADEgeo. “Isolating effective cyber governance from the current geopolitical tensions must therefore be a priority.”

Companies in almost all sectors are exposed to cyber threats with the potential to cause enormous damage in terms of reputation and physical losses, liabilities, and regulatory costs. Unchecked, these cyber threats could severely affect technical and economic development globally.

“The nature of cyber security is evolving so quickly it can be difficult for businesses to keep track of the risks let alone the solutions,” said Mike Kerner, CEO of General Insurance for Zurich. “It is very clear that businesses that want to protect themselves from cyber security and privacy risks must adopt a mindset of resilience.”

Based on a detailed mapping of the rules, institutions and procedures that form the current global cyber governance framework, the report highlighted opportunities for the private sector, civil society and policy makers to improve the current situation and facilitate the mitigation of cyber threats.

Recommendations to policymakers include the creation of a Cyber Stability Board to strengthen global institutions and insulate them from geopolitical tensions, and the creation of a cyber alert system based on the World Health Organization (WHO) to enhance crisis management.

At the same time, the private sector needs to engage in sharing information and employ  an approach which will increase their overall cyber resilience in order to address the inadequacies of the framework.