SecureWorld News

Is It What We Need? 'Investors Have Leverage to Improve Cybersecurity'

Written by SecureWorld News Team | Tue | Jul 16, 2019 | 3:45 PM Z

If your organization is significantly backed by investors, you may get tired of them telling you how things should be done.

After all, they often have the leverage to do that.

Now, the World Economic Forum is encouraging investors to drive the train on cybersecurity as well.

This raises a question: what is the role investors can play when it comes to cybersecurity?

Investors can force companies to care about cybersecurity

Leaders at the Forum say investors have the leverage needed to force their portfolios to become more cyber secure.

Here is part of the Forum's statement:

What is the role of the investment community in securing our digital future? Increasingly, evaluating the cyber-risk of target investments, and monitoring and mitigating the cyber-risk of portfolio companies are becoming part of investors’ fiduciary duty. They have an opportunity and the leverage to deploy investable capital in improving a portfolio company’s cyber-capabilities.

They have a responsibility to invest capital in enterprises. Knowing that they are looking for significant returns on investment, and that cyber-responsible investments are key long-term components of viable enterprises, it is also in their economic interest to foster responsible innovation.

In terms of managing cyber-risks, certain industry sectors are starting to demand more security features from their suppliers. For example, the healthcare sector in the US is multiplying demand for more secure products. Hospitals have started requiring that medical-device makers improve the cyberdefences of their internet-connected infusion pumps, biopsy imaging tables and other healthcare products. Hospitals are testing devices and asking manufacturers to reveal the proprietary software running the products in order to identify vulnerabilities.

Other sectors are also starting to be aware that technology permeates all businesses and that they need to pay attention to the consequences.

With the growing demand for security-by-design products, better security features are increasingly rewarded by the market. Privacy and security are of growing importance for consumers.

Recent research by Bain & Company highlights that enterprise customers are willing to buy more of and pay more for internet of things (IoT) devices if their concerns about cybersecurity risks are addressed. It also suggests that 93% of executives would pay an average of 22% more for devices with better security.

There's no question that many of the security leaders we interview at regional SecureWorld conferences are looking for security that is built in, not bolted on. 

How much cybersecurity will the market reward?

These thoughts are all well and good. However, the key question for investors remains: how much cybersecurity will the market truly reward?

Cybersecurity thought leader Bruce Schneier is pessimistic on this front. We interviewed him just before his book signing at SecureWorld Boston.

[SecureWorld] In your latest book, you coined the term "internet plus." What do you mean by that, and why is it so insecure?

[Bruce Schneier] So internet plus is a name I invented for Internet of Things, plus the data, plus the connections, plus everything. I don’t know, it's a mediocre term, but there really isn't a term for everything, and what I'm writing about in the book is the totality of everything. And why is it so insecure is a book in itself. The short answer is the market doesn't reward good security, so we get lousy security. And the government doesn't regulate good security. So there's absolutely no incentives anywhere to have good security. So we don't.

Can investors be part of the solution to change this? Schneier wants greater government involvement in the market to improve cybersecurity.

Watch our interview to hear his thoughts, and then please let us know what your thoughts are on this topic.