Improving the measurement of digital security incidents and risk management
12 - 13 May 2017
Organisation for Economic Co-operation and Development (OECD)
Location: Rüschlikon/Zurich, Switzerland
Participation in the digital economy allows businesses to increase productivity and expand their market. At the same time, it raises new security and privacy challenges as a result of the fast pace of technological innovation and increasing interdependencies between networks and the operations of infrastructure and businesses.
Digital security risk is a concern that the entire business community shares, but it may have especially serious consequences for smaller businesses. While large businesses and organisations may have the institutional and financial capacity to develop appropriate digital security risk management, studies in a number of countries suggest that this is not the case for small and medium enterprises (SMEs), and particularly micro-enterprises, which face managerial, skill, knowledge and financial constraints. The dearth of reliable evidence on which to base digital security risk management decisions and public policy actions compounds these challenges.
The Organisation for Economic Co-operation and Development (OECD) and Swiss Re have partnered up to examine the range of incentives or mechanisms that can be applied to influence the reporting and sharing of data and their impact on digital security risk management practices in businesses.
During the workshop, participants discussed how to address data collection and sharing challenges such as: (i) What are the main measurement needs? What can and should be measured? (ii) What typologies, frameworks and standardised approaches are likely to foster useful data collection and reporting for businesses, insurers and policymakers? (iii) What can we learn from the insurance sector? (iv) Is there a business case for a digital threat, vulnerability, incident and impact data repository?