Spending on cybersecurity products and services is expected to top 123 billion U.S. dollars for 2020, more than double the 55 billion U.S. dollars spent in 2011.¹ In that same period, cyber breaches quadrupled. Organizations globally face increasing liabilities, while boards of directors grapple with a seemingly Sisyphean challenge. Cyber Crossroads was born out of these alarming trends and a realization that the world cannot go on funneling finite resources into an indefinite, intractable problem. Cyber Crossroads brings together expertise from across the world, spanning aspects of the cyber problem (including technology, legal, risk, and economic), with the goal of creating a Cyber Standard of Care built through a global, not-for-profit research collaborative with no commercial interests. A Cyber Standard of Care should be applicable across industries and regardless of organization size. It should be practical and implementable, with no requirement to purchase any product or service. The Cyber Standard of Care should be woven into the existing governance fabric of the organization, and it should not be yet another technical checklist, but a process/governance framework that can stand over time. To achieve this, we engaged with cyber risk experts and practitioners with a variety of relevant expertise, secured the advice/guidance of regulators and legal experts across jurisdictions, and interviewed leaders from 56 organizations globally to understand their challenges and identify best practices.