Introducing the Cyber Resilience Scorecard: SecurityScorecard Finds Global Cyber Risk and GDP Closely Linked
This week at the World Economic Forum Annual Meeting, SecurityScorecard published the first Cyber Resilience Scorecard, offering leaders and decision-makers a comprehensive and global view of global cyber risk. SecurityScorecard identified a strong correlation between a country’s cyber risk exposure and GDP, which underscores that a nation’s economic prosperity is deeply intertwined with its ability to navigate the complex landscape of cyber threats.
Examining cybersecurity around the world
These findings are further reflected in the WEF’s recently-released 2024 Global Cybersecurity Outlook (GCO), which examined cyber-resilient organizations globally, and found that the global cyber gap “tends to mirror other global development indicators.” Among its findings, the GCO reports that “the lowest number of self-reported cyber-resilient organizations are in Latin America and Africa, while the highest number come from North America and Europe.”
According to the GCO, this disparity is sometimes characterized as the “cybersecurity poverty line (CPL)”, which generally refers to the prohibitive cost of securing robust cybersecurity for personnel, technology, and systems. Though it can also be attributed to other factors, including: the cyber skills gap; a lack of knowledgeable leaders; the ability to understand shifting best practices; as well as access to highly innovative technologies. Taken together, these elements can significantly impact an organization or nation’s ability to stay ahead of the curve.
Critical infrastructure remains vulnerable
But cybersecurity is not limited to national boundaries—it presents a global challenge. And as the threat landscape continues to evolve, organizations in different countries and in multiple sectors are responding to these threats in varying degrees.
At last year’s WEF, SecurityScorecard presented a paper on the trust deficit in critical infrastructure, with specific focus on critical manufacturing. A year on, and cybersecurity is still a concern in the critical infrastructure sectors. Our research this year indicates that information services and technology industries experienced the majority of cyber incidents, closely followed by critical infrastructure, including telecommunications, financial services, and government. This concentration of risk emphasizes the importance of collaborative cyber risk management, as these high-risk sectors face and contribute to rapidly increasing cyber risk.
Many critical infrastructure institutions are vulnerable to cyber incidents due to: nation-state attacks; increasingly sophisticated threat actors; outdated technology and legacy systems; inadequate security measures; insider threats; insufficient training and awareness; resource limitations; and more.
Cyber threats reach beyond physical and economic disruptions to undermine societal trust, particularly in governments and the economy. This is critical on a global scale because trust drives revenue in the private sector and engagement in the public sector. Trust can be earned and strengthened.
For organizations such as critical infrastructure to gain trust and improve resilience, they need a simple and straightforward way to measure risk and quantify the trustworthiness of any organization in the world. This will enhance national resilience and strengthen trust in the digital ecosystem–between citizens and governments, governments and business, and bilaterally between nations in our interconnected world.
The groups behind malicious activity
Our report also investigated the origins of the world’s top 10 threat actor groups. We found that ten threat actor groups account for 44% of the incidents in our data holdings:
- APT28: This group is responsible for over 6.32% of the incidents, making it the most active threat actor in the dataset.
- Cobalt Group: Accounts for 5.80% of the incidents.
- Sandworm Team: Represents 5.02% of the incidents.
- Equation Group: Contributes 4.89% to the total number of incidents.
- APT41: Responsible for 4.85% of the incidents.
- Earth Berberoka: Accounts for 4.38% of the total incidents.
- APT40: Contributes to 3.48% of the incidents.
- Energetic Bear: Also contributes to 3.48% of the incidents, closely matching APT40.
- Leafminer: Makes up 2.91% of the incidents.
- Luckycat APT: Accounts for 2.88% of the incidents.
These and other threat groups operate globally, but their operational infrastructure is concentrated in some countries more than others. While this does not necessarily mean the threat actor is physically located there, it does mean the geography in question plays host to operational infrastructure (often in the form of compromised information systems owned or operated by unwitting third parties).
According to our data, nearly one-quarter of incidents originate from China, making it the leading source of cyber incidents. The Russian Federation is next, accounting for 15% of incidents, while the United States accounts for over 5% of incidents.
SecurityScorecard believes this analysis provides a roadmap to assess and communicate progress in reducing cyber vulnerabilities continuously to enhance resilience and trust among global stakeholders.