Cyber inequity is a growing chasm that continues to separate organizations with robust cybersecurity and technology capabilities from those without. This digital divide is a global cybersecurity crisis in the making.
The World Economic Forum identifies cyber inequity as a high-impact issue, defining it as the widening divide between organizations equipped to defend against cyber threats and those that lack the basic means to do so. This gap is especially evident in smaller, under-resourced organizations, which are highly prone to cyberattacks.
The Widespread Impacts of Cyber Inequity
Ransomware attacks or IT outages can have a significant effect on the public, impacting the accessibility of critical needs like healthcare, transportation, and other goods and services. For example, patients may be diverted to other medical facilities if one hospital system goes down, potentially creating a ‘medical desert’ in rural areas and putting public health at risk. Or manufacturing plants may pause production, impacting their bottom line and causing supply chain shortages. Organizations without adequate cybersecurity resources are at an increased risk of being attacked, impacting the communities and businesses that rely on them.
Even if a business isn’t directly targeted by a cyberattack, it can still be impacted by one. Supply chain attacks, for example, exploit vulnerabilities in the supply chain network, targeting less secure elements, such as third-party vendors or software providers with access to sensitive information. The fallout from these attacks reveals the cyber inequity gap in the context of cybersecurity preparedness. Those with stronger cybersecurity programs who are better prepared to deal with the fallout will likely recover faster than those without the resources to do so, further expanding the cyber inequity divide.
Cybersecurity Challenges for Critical Industries
While there’s no shortage of regulatory guidelines for critical industries like those from NIST and CISA, under-resourced organizations face an uphill battle with cybersecurity investment, largely exacerbated by budget constraints.
Notorious attacks like SolarWinds, Colonial Pipeline and recently ChangeHealthcare reveal the concerning reality that many organizations do not have the resources to invest in cybersecurity at a rate necessary to outpace attacks – or to deal with the fallout. Already forced to use limited budgets for cyber insurance, many organizations do not have enough resources or the necessary IT talent to implement robust cybersecurity programs. In fact, only 22% of global organizations say that they have the resources to meet their cyber objectives, in what is sometimes referred to as the “cyber poverty line,” according to the World Economic Forum.
Those who are less equipped to thwart threats or recover from them will remain at the greatest risk, as will the communities and individuals who rely on them. Unfortunately, those in rural or under-resourced areas tend to be at the greatest risk. Understanding and recognizing the collective risks posed to the public underscores the responsibility and important role that legislative bodies have in addressing this challenge.
Taking Action & Closing the Cyber Inequity Gap
Without legislation, defined standards, and/or incentives, critical industries face significant challenges in adopting comprehensive cybersecurity strategies. However, these mandates and incentive programs must be aggressive enough to truly address the problem.
For instance, critical industries like healthcare and manufacturing are dependent on numerous technical partnerships and work with countless vendors who access their systems, resulting in a substantial volume of third-party attacks and placing them at increased risk. Although there are pledges from organizations like CISA asking vendors to meet certain standards by 2025, these do not impose any penalties for non-compliance. In the absence of more motivating mandates or incentives, organizations without adequate cybersecurity budget or resources are often unable to address supply chain risk and they remain vulnerable.
Another example is mitigating the risk of credential theft caused by human errors, which account for more than 60% of compromise factors, according to Google Cloud’s 2023 Threat Horizons report. Employing access management solutions can address this threat and improve security by reducing phishing risks and other attacks associated with credential theft. However, implementing an enterprise-wide access management strategy takes investment and resources. For those organizations facing cyber inequity, this often leads to choosing inferior solutions or continuing to rely solely on passwords to protect critical resources.
Security remains a top priority across these critical industries, even for the cyber “have nots.” Therefore, it is incumbent on IT leaders, cybersecurity vendors, lawmakers, and other regulatory bodies to work together to create meaningful policies, guidelines, and incentives to close the cyber equity gap. This collaboration must move forward with urgency, showing substantive progress in short order. Otherwise, the cyber equity gap will continue to widen, leaving critical industries – and the public they serve – at risk.
About the Author
Fran Rosch, President and CEO of Imprivata, is a seasoned leader with over 25 years of experience in the field of enterprise security and identity management. Rooted in security, privacy, and trust, Fran has built a distinguished career marked by significant achievements, previously serving as the CEO of ForgeRock. During the five years of Fran’s leadership, ForgeRock grew over 400%, executed on a SaaS transition and cemented itself as a leader in both the Consumer Identity and Access (CIAM) and Workforce Identity markets, completing a successful IPO in 2021 and a sale to Thoma Bravo in August of this year.
Fran can be reached online via LinkedIn, X, and at our company website https://www.imprivata.com/
