6 Highlights From the 2024 World Economic Forum Annual Meeting
At-Bay CEO Rotem Iram’s key messages at the Davos event
At-Bay Co-founder and CEO Rotem Iram attended the 2024 World Economic Forum Annual Meeting in Davos, where many leaders came together to explore how policymakers, vendors, and small businesses can work together to better secure and protect their organizations from cybercriminals.
Rotem spoke at the Axios House event “Cybersecurity for the Other 90%”, the World Economic Forum’s workshop on “Cyber Insecurity, Analyzed”, and at a private roundtable on “Creating an Ecosystem to Drive SME Digitalisation” hosted by MasterCard and the Financial Times. Here’s a peek at some of the most compelling takeaways from the event.
The Growing Cybersecurity Gap Leaves Small Businesses Behind
The internet is not a hospitable environment for emerging businesses, but governments have been selective about intervening in cyber risk, leaving small businesses on their own. Even the smallest companies use dozens of technology products, and each product can break multiple times a year, leaving businesses with fragile, difficult-to-maintain tech stacks that are prone to costly cyberattacks.
Rather than focusing on running their businesses, these companies need to constantly read security blogs and update software to stay safe. Unfortunately, security vendors tend to focus on larger enterprises, making security sophisticated, expensive, and hard to manage. Small businesses are simply left behind.
Embracing an InsurSec approach, which combines the protection of cyber insurance with the prevention of cybersecurity, can help small and medium-sized businesses bridge this gap.
The “Use-at-Your-Own-Risk” Software Model Creates Outsized Cyber Risk
No one designed the internet to be risky on purpose. In earlier days, we were naive to assume that technology vendors or the market would solve cyber risk — but it isn’t being solved. There is a market failure for small businesses.
Today, we have normalized the idea that software breaks all the time, and we’ve created a system that doesn’t incentivize tech vendors to make their products less fragile. Basically, today’s software is “use at your own risk”. That’s a major issue.
Few Security Solutions Are Designed With Small Businesses in Mind
The security industry has always prioritized large enterprises with big budgets. As malware technology has advanced, so have the security tools an organization needs to thwart those risks. These sophisticated tools are not only too expensive for most small businesses, but they require expert operators that these small businesses can’t afford to hire or rent from a managed security services firm.
Software vendors must understand what’s at stake for small businesses and the economy at large. Caring about security for everyone, not just large enterprises, is a necessity that will benefit not only their customers but also their bottom line.
Read the full Global Cybersecurity Outlook from the World Economic Forum here.
Tech Vendors Need to Take Accountability for the Risk They Create
The burden for security should fall onto the developers of software, not on the users. Tech vendors tend to prioritize functionality over security, leaving businesses responsible for adjusting the default security settings on their software. If those businesses don’t know what changes to make, or even that changes are needed — and most of them don’t — they unknowingly leave themselves vulnerable to simple, repetitive cyberattacks that take advantage of the software tools they rely on.
Correcting the shortcomings of default software settings would add minimal work for vendors (who simply need to make already available security settings the default) and has huge potential to reduce risk for businesses (who would no longer need to opt into basic security).
Read more in Rotem’s article on the World Economic Forum blog.
Insurance Can Pave the Way in Software Risk Regulation
Many tech vendors enjoy an oligopoly (if not a monopoly) in their space, says Rotem — which is why we need to create the right incentive structures to manage cyber risk. Government, media, consumers, and the insurance industry all have a role to play.
It starts with insurance, because it’s our money on the line and because we have unique insight into which software creates the most risk. Insurance providers can reflect software risk back to customers by charging higher premiums for those with riskier software products.
Get Rotem’s full insurance perspective here.
Governments Can Turn Insurance Standards Into Compliance
The government needs to create an incentive structure in addition to compliance and regulations to reduce the cyber risk created by software vendors. The major challenge is that the government cannot build a blueprint for this regulation.
Historically, governments have not been good at understanding the nuance of technology to create a detailed response. There’s a big opportunity for the insurance industry to take its claims data and adjust policy pricing accordingly to create a standard for security. Government can intervene by reinforcing those standards and, where appropriate, turning them into compliance.
Read about how government and insurance can work together to bring order to the cybersecurity chaos.