Global cyber governance preparing for new business risks

Digital, data and cyberReportApril 26, 2015

Cyber crime respects no borders. A better global governance framework would be a significant step toward addressing the threats posed by new technologies. A report by the ESADEgeo-Center for Global Economy and Geopolitics and Zurich suggests ways to counter the risks and move closer to an adequate governance structure.

Share this

There is an urgent need to act to stem cyber risks, including threats that originate across borders. Better global governance would be a significant step toward efforts to mitigate risks. A report bythe ESADEgeo-Center for Global Economy and Geopolitics and Zurich reviews the challenges to this approach and offers innovative solutions.

Emerging technologies will fundamentally change the nature of cyber risk

Cyberspace has become essential to our daily lives and a practical necessity for governments and businesses. Yet this dependency comes at a price: Cyber security is arguably the most salient non-traditional security issue on the global agenda, and cyber risks increasingly are linked to other global risks.

Addressing an inadequate global cyber governance framework

Cyber attacks respect no borders, making it essential to approach cyber governance in a ‘holistic’ and global way. Despite recent progress, we still lack a comprehensive and functional regime of global cyber security. A study that included mapping the rules, institutions, and procedures of the current global cyber governance framework revealed the true nature and extent of the issues at stake. The study discovered a global cyber governance regime comprised of three distinct types of concerns and participants. At one end of the spectrum, where governance deals mainly with technical issues and relies on a multi-stakeholder model, governance is effective. At the other end of the spectrum, which includes the realm of threats like cyber warfare and state-sponsored sabotage, effective global governance is completely lacking. Between these two extremes is a ‘gray zone’ where interests of industry, governments and individuals, global governance models and organizational cultures coincide. This middle zone offers a promising place to start to work to encourage effective international efforts.

Offering ideas for a new governance framework

The private sector should take steps to effectively manage cyber risk, even in the absence of an overarching global governance framework. Sharing more information and ensuring a properly-functioning insurance market are some ways to do this. Lacking a broad international consensus, the private sector can still play an active role by lobbying for guiding principles to overlay the global cyber governance framework. 

For policymakers, major progress might be achieved by, for example, strengthening global institutions, and include creating a G20 + 20 Cyber Stability Board. A cyber alert system modeled after the World Health Organization (WHO) would also be an effective tool. Enhancing public-private cooperation, including dialogue and incentives for investment in cyber security, would be a further step forward. Beyond embracing dialogue, policymakers should increase representation of less-developed countries and civil society in the global governance framework.