“Cyber WHO” needed to strengthen world’s inadequate cyber governance framework

A new report on cyber governance commissioned by Zurich Insurance Group highlights challenges to digital security and identifies new opportunities for business. It calls for the establishment of guiding principles to build resilience and the establishment of supranational governance bodies such as a Cyber Stability Board and a “Cyber WHO”.

Zurich Insurance Group (“Zurich”) and ESADE Center for Global Economy and Geopolitics (“ESADEgeo”), a leading authority on global governance, today published a report, “Global Cyber Governance: Preparing for New Business Risks”, that proposes new measures to strengthen the global governance framework for managing evolving cyber risks.

The report observes that while emerging technologies such as drones, 3-D printing and self-driving cars are fundamentally changing the nature of cyber risk, the current regulation and governance regimes in place globally are inadequate to ensure the security of the world’s cyber infrastructure.

“The existing governance framework from the 20th century cannot be expected to respond sufficiently to 21st century technology,” Zurich’s Chief Risk Officer Axel Lehmann said. “We live in a world full of opportunities, but also risks. There is no better example of this than the relationship between information and communications technologies and cybersecurity. The cyber realm underpins almost all economic and societal activity – from finance to trade, information, energy and beyond.”

Geopolitical and ideological tensions between states, the report points out, are increasingly played out in cyberspace – including over matters of governance. “Growing political instability could be exploited by some governments aiming to reduce capabilities and scope of some technical institutions that provide stability and resilience to cyberspace, thus undermining its multi-stakeholder approach” said Javier Solana, President of ESADEgeo. “Isolating effective cyber governance from the current geopolitical tensions must therefore be a priority.”

Companies in almost all sectors are exposed to cyber threats with the potential to cause enormous damage in terms of reputation and physical losses, liabilities, and regulatory costs. Unchecked, these cyber threats could severely affect technical and economic development globally.

“The nature of cyber security is evolving so quickly it can be difficult for businesses to keep track of the risks let alone the solutions,” said Mike Kerner, CEO of General Insurance for Zurich. “It is very clear that businesses that want to protect themselves from cyber security and privacy risks must adopt a mindset of resilience.”

Based on a detailed mapping of the rules, institutions and procedures that form the current global cyber governance framework, the report highlighted opportunities for the private sector, civil society and policy makers to improve the current situation and facilitate the mitigation of cyber threats.

Recommendations to policymakers include the creation of a Cyber Stability Board to strengthen global institutions and insulate them from geopolitical tensions, and the creation of a cyber alert system based on the World Health Organization (WHO) to enhance crisis management.

At the same time, the private sector needs to engage in sharing information and employ  an approach which will increase their overall cyber resilience in order to address the inadequacies of the framework.

Further information

For more than a century, Zurich has been a leader in risk management to help businesses understand and protect themselves from risk in a rapidly changing world and this rings true nowhere more so than in the cyber security arena. Zurich collaborated on this report with ESADEgeo because it is important to continue to understand the ever evolving nature of cyber security and its impact on businesses around the world.

ESADEgeo was launched in a context of transformation and change. The economic crisis has highlighted our interdependence and the global nature of the problems we face. It has also served to question the values and institutions on which our growth model has been based. Most importantly, it has accelerated the process of transferring power from the Atlantic to the Pacific coasts. Once we have fully recovered from the economic crisis, the geopolitical landscape will have changed.  Clearly, a new mindset is needed to adapt in the best possible way to this new reality, both from a theoretical and practical point of view, in order to build a better world. We need to be proactive and committed citizens to address the current problems. This is the objective that forms ESADEgeo’s strategic design and its first steps in 2010.