Threatonomics

Resilience at the World Economic Forum

Sharing Our Perspective

by Davis Hake , Co-Founder & VP of Communications
Published

As challenges within the digital landscape continue to evolve,

the World Economic Forum’s report on the Global Cybersecurity Outlook in 2023 noted that the vast majority of cyber (96%) and business (86%) leaders think it “moderately” or “very” likely that global geopolitical instability will lead to a far-reaching, catastrophic cyber event in the next two years.

The World Economic Forum states that sustained multistakeholder collaboration between organizations and society is needed to ensure our shared resilience. Cyber leaders and executives must co-develop strategic foresight that steers effective decision-making to manage cyber threats.

Resilience believes we must work as a global team to disincentivize incidents by reducing threat actors’ likelihood of success through a Cyber Resilience approach. Through this approach, Resilience has helped our client base reduce financial loss and become more resilient against threats like ransomware, with just 15% of impacted clients choosing to make an extortion payment in the first half of 2023, compared to the 39.5% average reported by Resilience’s Incident Response partner Coveware over the same time period. 

With the World Economic Forum’s recent focus on fighting cybercrime, we hope to see a Cyber Resilience approach become a key component in the global cybercrime strategy. 

97% of cyber-attacks are motivated by financial gain. 

Losses from cybercrime are predicted to eclipse $10.5 trillion by 2025. This will significantly outpace both the investment in cybersecurity ($1.75t by 2025) and the capacity coverage from cyber insurance available ($900B Limits by 2025). 

Verizon’s recent Data Breach Investigations Report concluded that 97% of cyber-attacks are motivated by financial gain. Therefore, making incidents less lucrative for threat actors could help stop cybercrime at the source. 

Threat actors have a lot to gain and very little to lose when conducting a cyberattack. According to the Third Way Think Tank, approximately 0.3% of reported cybercrime complaints are enforced and prosecuted, or only 3 out of 1,000 incidents. Considering the incredibly low likelihood of being charged and the high likelihood of financial gain, cybercriminals feel empowered to rely on tactics like ransom as a consistent source of income. 

The free enterprise system of the global cybercrime industry is contingent on the idea that some or most victims will make a payment. Consider, for example, bank robbery, which reached its peak in the 1990s. Infamous robber Willie Sutton was quoted saying he robs banks because “that’s where the money is.” As forces such as inflation and stronger security measures came into play, bank robberies became far less lucrative and now occur less frequently than they have in over half a century. As bank robbery became less financially rewarding, the rate of occurrence decreased in tandem. 

Now, within the digital realm, we need to instigate a similar shift: creating new and more stringent security barriers and reducing financial gain for threat actors will be imperative in stopping cybercrime at the source. Luckily, this objective mirrors the goal of Cyber Resilience: reducing financial loss to organizations. 

By reducing losses to impacted organizations, we simultaneously reduce the profitability of the incident. 

Focusing on reducing loss to reduce profitability could be incredibly effective if widely implemented and closely adopted. By making cyber incidents more challenging to conduct and less financially rewarding as a global unit, we can effectively make cybercrime less worthwhile for threat actors. But how do we reduce profitability, or how do we reduce financial losses? 

To build effective defenses against plausible losses, organizations must first identify what they stand to lose– or their value at risk. From there, they must prioritize mitigating this risk through cybersecurity and transferring risk off their balance sheet via insurance. That’s how organizations can begin to answer the question, “Are we cyber resilient against material losses?

Rather than simply asking, “Are we secure,” this question considers both the technical and financial aspects of managing cyber risk. Integrating the silos of security, finance, and risk using dollars and cents leads business leaders to prioritize strategies based on what’s right for the business, which fosters efficiency and effectiveness. 

Organizations must develop Cyber Resilience strategies

The World Economic Forum’s global cybercrime initiative is to help cyber leaders and executives co-develop strategic foresight that steers effective decision-making to stay ahead of cyber threats on the horizon.

As a part of this initiative, Resilience CEO and Co-Founder Vishaal “V8” Hariprasad participated in the World Economic Forum’s Annual Meeting on Cybersecurity in Geneva, Switzerland, this week. Hariprasad discussed the trends that are shaping the future of risk in cybersecurity – including how AI can be leveraged by malicious actors to increase their cyber social engineering capabilities – and the strategies, tactics, and operations needed to improve resilience at a global scale amidst a rapidly developing threat landscape.

“The threat posed by cybercrime has reached systemic levels,” said Hariprasad. “It is no longer practical – or even possible – to defend against all possible threats. Instead, the future of cybersecurity will be defined by understanding cybercriminal business models, quantifying digital risk, and taking data-backed steps to minimize the risk of financial loss. It’s an approach we have built our company on here at Resilience, and it was a privilege to share that philosophy with public and private sector leaders from around the world.”

This is Hariprasad’s third appearance as a speaker at a World Economic Forum event. Earlier this year, he participated in a discussion on building cyber resilience in the face of ransomware attacks, and in November of 2022, he led an educational session on staying ahead of cyber criminal actors despite increasingly advanced and malicious tactics.

Learn more about Resilience and our comprehensive cyber risk solution at wwwcyberresiliencecom.kinsta.cloud

About the Author
Davis Hake , Co-Founder & VP of Communications

Davis Hake is the Co-Founder and Vice President of Communications and Policy at Resilience Insurance. Prior to starting at Resilience in 2016, Hake managed cybersecurity strategy for Palo Alto Networks, served on the National Security Council, The White House, and was a lead author of cybersecurity legislation in the U.S. Congress. Hake is also currently an Adjunct Professor of Cyber Risk Management at the University of California, Berkeley and a Term Member of the Council on Foreign Relations.

You might also like

Does the proposed UK ransomware payment ban take things too far?

Cowritten with Henry Westwood, Resilience Cyber Underwriting Manager Simon West, Resilience Head of Customer Engagement The UK government recently launched a consultation on legislative proposals to combat ransomware attacks, one of the most significant cyber threats facing organisations today. As cybersecurity professionals working with organisations across various sectors, we’ve carefully examined these proposals and offered […]

North Korea is targeting the job interview process to infiltrate US companies

This post is based on threat intelligence compiled by Resilience Intelligence Analyst Steph Barnes, published May 8, 2025. North Korean hackers have turned the interview chair into a staging ground for cyberattacks. Two sophisticated campaigns—Contagious Interview and WageMole—are actively targeting job seekers and employers alike, with a clear endgame: funneling money back to the North […]

Scattered Spider strikes again in recent UK retail attacks

In the past two weeks, the UK retail industry has faced an unprecedented wave of sophisticated cyberattacks, exposing critical vulnerabilities across the sector. The high-profile breaches at Marks & Spencer, Harrods, and others have sent shockwaves through the industry, with M&S alone suffering an estimated £3.8 million in lost online sales per day and seeing […]

See what a cyber attack could really cost your enterprise

Data breaches cost U.S. businesses an average of $9.36 million per breach in 2024, yet many enterprises still struggle to quantify their specific cyber risk exposure in financial terms. How do you translate complex technical vulnerabilities into language that your CFO, board members, and other stakeholders can understand and act upon? We’re excited to announce […]

A decision scientist’s perspective on AI

As the Senior Director of Cyber Resilience at Resilience, I bring a somewhat unconventional perspective to the table. Unlike many in our industry who come from traditional cybersecurity or insurance backgrounds, my expertise lies in decision science. Throughout my career, I’ve been fascinated by one central question: How can we help people make good decisions […]

What enterprises over $10 billion need to know about managing cyber risk

The role of the Chief Information Security Officer has undergone a profound transformation from a purely technical role to a strategic business one in recent years. For CISOs operating in organizations with over $10 billion in revenue—a segment that Resilience has recently expanded its cyber risk solutions to serve—the shift comes with unique pressures and […]