Cyber inequity will be major security issue in 2024

Discussions of equity in healthcare typically focus on the socioeconomic barriers facing many patients, but inequities are rife on the cybersecurity side, too, according to a new report from the World Economic Forum (WEF). 

“Cyber inequity” is slated to be a high-impact issue in 2024 and beyond as new technologies are unevenly distributed, potentially creating vulnerabilities for all as business relationships become ever more interconnected. 

Lack of resources creates cyber inequity for smaller organizations 

“A stark divide between cyber-resilient organizations and those that are struggling has emerged,” the report states. “This clear divergence in cyber equity is exacerbated by the contours of the threat landscape, macroeconomic trends, industry regulation and early adoption of paradigm-shifting technology by some organizations.”  

“Other clear barriers, including the rising cost of access to innovative cyber services, tools, skills and expertise, continue to influence the ability of the global ecosystem to build a more secure cyberspace in the face of myriad transitions.” 

Small- and medium-sized entities (SMEs) are most likely to be on the wrong side of the divide, the authors noted. Overall, organizations across industries are struggling to maintain minimum standards of cybersecurity. The number of entities clearing this low bar is down by 30%, the report found, and those falling short tend to be on the smaller side.  

Compared to the largest organizations, more than twice as many SMEs admit they lack the cybersecurity resilience to meet critical operational requirements. Half of the smallest organizations surveyed by the WEF at its annual cybersecurity meeting said they don’t have the skills or resources to meet their security objectives.  

With only 62% of global healthcare and life sciences entities of any size believing that they are at least minimally cyber resilient, the crisis is very real for a large number of community care providers and technology companies that fall on the smaller end of the spectrum.  

The impact of generative AI on cybersecurity

At the same time, dramatic advances in generative artificial intelligence are threatening unprepared organizations at an unprecedented rate. More than half of respondents believe that generative AI will swing the advantage toward their attackers, while a mere 9% think it’ll bring any notable benefits to cybersecurity defenses. 

Executives are most worried about generative AI’s impact on common attack vectors, such as phishing and malware development. Deepfakes are another concern, as is the unintentional exposure of personally identifiable information through generative AI interfaces. 

Implementing shared solutions to cyber inequity  

The vast majority (90%) of respondents agree that addressing cyber inequity is crucial for everyone, even organizations on the leading edge of technological maturity. That’s because business decisions do not occur in isolation – especially in the healthcare industry, where technical partnerships and clinical relationships are crucial for success. 

Visibility into third-party risks varies significantly depending on the cybersecurity maturity of the organization, the report reveals. Only 22% of the least resilient organizations have adequate visibility into their partners compared to 71% of the most resilient entities. 

A better understanding of the ecosystem, along with shared guardrails and regulations to avoid weak links in the chain, is essential for overcoming the challenges of cyber inequity.  

“There is evidence of an appetite for systemic collaboration that supports SMEs,” the report said. “For example, in 2020, the World Economic Forum brought together partners from telecommunication companies, civil society and cyber organizations to publish cybercrime prevention principles for internet services providers. This is an example of systemically important actors, such as internet service providers, working to protect the entire ecosystem, including smaller players.”  

Industry leaders will also need to collaborate on closing the skills gap by addressing workforce shortages that, once again, unevenly impact the smallest organizations.  

“In a concerning indication of inequity, 31% of leaders from the smallest organizations by revenue reported that they are missing critical people and skills; yet only 11% of leaders from the largest organizations said the same,” the authors pointed out. 

Instead of looking externally for new talent, many organizations are working to upskill existing employees with additional certifications and credentials. This could be an effective way for resource-strapped organizations to incrementally improve their resilience without being forced to compete for scarce new hires. 

Achieving an even playing field for all organizations

Cybersecurity is the perfect example of a rising tide raising all ships. Any vulnerability in the ecosystem puts every player at risk, making it imperative to address inequities quickly and comprehensively.  

“Everyone needs to work together to encourage sustainable capability for the future – including developing the right priorities and organizational culture while providing for equitable access to talent, technology and security tools,” the report concluded. “Raising systemic resilience – all organizations closing the inequities that divide and improving the resilience of what connects – is not only the most pressing requirement, it is the greatest responsibility.”    

Jennifer Bresnick is a journalist and freelance content creator with a decade of experience in the health IT industry.  Her work has focused on leveraging innovative technology tools to create value, improve health equity, and achieve the promises of the learning health system.  She can be reached at jennifer@inklesscreative.com.