SecurityScorecard, a global leader in security ratings, has released one of the world’s first Cyber Resilience Scorecard. It provides an unprecedented view of global cybersecurity risk, arming leaders with data-driven insights to safeguard the world’s economies.
Key findings include:
Cyber risk vs. GDP: Economic prosperity improves cybersecurity
The study identified a strong correlation between a country’s cyber-risk exposure and GDP. The data underscores that a nation’s economic prosperity is deeply intertwined with its ability to navigate the complex landscape of cyberthreats.
Top 10 threat actor groups: The adversaries behind 44% of incidents
The same 10 threat actor groups are behind 44% of worldwide cyber incidents, including notable names like Cobalt Group, Sandworm Team and the notorious АРТ28 hacking group, also known as Pawn Storm, Fancy Bear and BlueDelta.
Geopolitical hotspots: Operational infrastructure concentrated in China and Russia
Threat groups operate globally, but their operational infrastructure is concentrated in some countries more than others, with 24% originating from China and the Russian Federation accounting for 15%. These insights shed light on the geopolitical dimensions of cyber conflict.
High-risk sectors: Tech titans in the crosshairs
Information services and technology industries experienced the majority of cyber incidents, closely followed by critical infrastructure, including telecommunications, financial services and government. This concentration of risk emphasises the importance of collaborative cyber-risk management, as these high-risk sectors face and contribute to rapidly increasing cyber-risk.
Interconnected supply chain risk: Navigating a complex matrix
The intricate interdependence among various industries within the supply chain further complicates the cybersecurity landscape. As cited by the new SEC cybersecurity incident disclosure requirements, SecurityScorecard research found that 98% of organisations use a third party that has been breached.
“Policymakers globally need to find new methods to assess national resilience and evaluate if policies and programmes enhance cyber resilience,” said Rob Knake, former Deputy National Cyber Director in the United States. “You can’t manage what you don’t measure. This inaugural Global Cyber Resilience Scorecard provides a ground-breaking benchmark that global leaders can use to continuously assess cyber defence efforts and communicate clearly with global stakeholders in understandable terms.”
Cybersecurity transparency builds resilience
According to Gartner, transparency delivers 53% improvement in third-party cyber-risk management effectiveness. Similar to credit ratings, Security Ratings provide global leaders with a shared framework for cybersecurity risk management. Notably, organisations with an ‘F’ rating are 7.7x more likely to experience a breach than their A-rated counterparts.
“Progress starts with precise measurement. And until recently, cybersecurity lacked effective measurement,” said Dr Aleksandr Yampolskiy, CEO and Co-founder, SecurityScorecard. “As the World Economic Forum convenes to address the imperative of rebuilding trust, Security Ratings arm global leaders with a universal language to be relentlessly data-driven in managing cybersecurity risk. By establishing clear KPIs, we can enhance cyber resilience, ultimately renewing trust in our digital ecosystem.”
Methodology
The Cyber Resilience Scorecard was created by analysing cybersecurity scores for 6.3 million entities in 189 countries across 17 regions worldwide. SecurityScorecard continuously updates Security Ratings for over 12 million entities, monitoring 250+ cybersecurity signals. Data scientists correlated the 6.3 million cybersecurity scores with the International Monetary Fund 2022 GDP per capita data to assess the cyber risk and economic correlation.