Bridging the Cyber Inequity Gap


Cyber inequity affects everyone, and 90% of cyber leaders surveyed by the World Economic Forum and Accenture said that inequity requires urgent action.[1] The Global Cybersecurity Outlook 2024 report looks at some of the significant differences between those organizations that are cyber resilient and those that aren’t. While money is a primary reason for inequity, macroeconomic trends, industry regulations, and even the threat landscape itself contribute to the gap.

The World Economic Forum has been tracking “minimum viable cyber resilience.” This phrase means an organization has sufficient cybersecurity tools and processes to maintain critical operations. The number of organizations that believe their resilience meets the minimum has shrunk dramatically — from 67% in 2022 to 36% this year. Both the number of organizations that say their resilience is insufficient and the number that say it exceeds their requirements have grown.

More low-revenue organizations reported losing cyber resiliency than gaining it. While 37% of low-revenue organizations said their resilience was insufficient, only 15% of high-revenue organizations did. Resources and skills gaps were reported as the number one barrier to cyber resilience. However, this is most challenging for public service organizations and least challenging for high-revenue organizations, showing that the ability to pay for skills that demand a higher salary plays a big part.

The global shortage of skilled security personnel exacerbates this. According to ISC2, that shortage now numbers four million people worldwide.[2]

Cyber Inequity’s Broad Impact

While the World Economic Forum report shows resilience is most difficult for lower revenue businesses, the impact of cyber inequity is far-reaching. Low-revenue organizations with insufficient cyber resiliency are often partners or vendors for other organizations. This connection creates a concern for third-party risk.

The breach of a major U.S. retailer in 2013 brought third-party risk to the public eye. Analysis of that breach revealed that a small third-party vendor with access to the retailer’s network had insufficient security controls.[3] This allowed attackers to get a foothold and eventually access information on 40 million credit and debit cards, demonstrating how a weakness in one organization can quickly spread to partners.

Since that breach, third-party risk management has received greater focus as part of a broader risk mitigation strategy. A recent study from EY found that 90% of respondents are investing to improve their third-party risk management program’s effectiveness.[4]

Causes of Inequity

According to the World Economic Forum, a number of factors have led to cyber inequity. Some industries are more resilient overall due to regulations. Others have invested in security out of necessity because attackers frequently target them, and they are at risk of huge losses. But global economics also plays a part.

High- and low-resilience organizations are divided by geography. Higher cyber resilience was reported in North America and Europe, while lower resilience was reported in Latin America and Africa. Less developed countries have fewer people connected to the internet—just 27% compared to a global average of 63%, according to the United Nations.[5] While cybersecurity skills are in short supply globally, the available talent pool is even smaller in less-developed countries.

What’s Being Proposed to Close the Inequity Gap?

The World Economic Forum report offers four strategies to help close the cyber inequity gap:

  1. Increased affordability. Open-source solutions or subsidies can help supply the right tools to be effective.
  2. Education. This can fill the resource gaps, whether that’s upskilling employees or helping them pursue continuing education.
  3. Regulation. More than 60% of both public and private organization leaders said cyber and privacy regulation effectively reduces risk.
  4. Third-party support. High-revenue companies can help their supply chain partners improve their security posture, improving cyber resilience for everyone involved.

Strategies for Achieving Cyber Resilience for All

As we have shared, the data confirms that the widespread challenge of cyber inequity threatens individual organizations as well as broader networks. The Global Cybersecurity Outlook 2024 underscores the critical need to tackle this disparity, in which high-revenue organizations report adequate resources while their lower-revenue counterparts struggle. And there are tangible strategies for overcoming the gap.

Increased affordability and accessibility of cybersecurity tools, comprehensive education and upskilling programs, tighter cyber and privacy regulations, and collaborative third-party risk management efforts are first-line solutions to level the cyber playing field.

Yet, as cyber threats evolve, so must the collective approach to cyber resilience, working toward a future where cybersecurity is a universal standard, not a privilege.

  1. World Economic Forum, Global Cybersecurity Outlook 2024, Jan. 2024
  2. ISC2, Cyber Workforce Study 2023, Nov. 2023
  3. United States Senate Committee on Commerce, Science, and Transportation, A “Kill Chain” Analysis of the 2013 Target Data Breach, Mar. 2014
  4. EY, 2023 EY Global Third-Party Risk Management Survey, Oct. 2023
  5. United Nations, Widening Digital Gap between Developed, Developing States Threatening to Exclude World’s Poorest from Next Industrial Revolution, Speakers Tell Second Committee, Oct. 2023