 Good morning. My name is Jeremy Juergens, I'm managing director at the World Economic Forum and I'd like to thank all the journalists that are joining us here for this session this morning. With us today, we have Julie Sweet from the CEO and Chair at Accenture, Juergens Stock, Secretary General, Interpol, Nikesh Arora, Chairman and CEO of Palo Alto Networks, and Eddie Rahma, Prime Minister of Albania. Thank you. So we're here today to share the findings of the World Economic Forum's Global Security Outlook Report 2023. This is a result of research and collaboration with the Forum's communities and our partner Accenture, which we've interviewed and sought input from over 300 executives globally. There's a few headlines that are sharing and pointing out that emerge from this research. First is around geopolitics. The most striking finding that we found is that 93% of cyber leaders and 86% of business leaders believe that the geopolitical instability makes a catastrophic cyber event likely in the next two years. This far exceeds anything that we've seen in previous surveys. Now, the concern goes beyond politically motivated cyber attacks. And I'm sure Prime Minister Rahma will be able to give us more information on that later on and how these can be dealt with. And we see with the increasing digitalization in the world, this as well increases the interconnections that we have across various services. It also makes it more difficult to find the experts that we need to address the cyber challenges that are in front of us. As well, cyber attacks can spread unpredictably. We saw this in the case of the VESAT attack that was done on Ukraine, which was initially intended to shut down communication services for the Ukrainian military, but as well closed off parts of electricity production across Europe. So the unintended consequences there. And the geopolitical fragmentation that we're seeing globally makes collaboration across borders and responses much more difficult in the case of a cyber event. Now there is well some positive developments. And I'd like to highlight two specifically. First is around investment. Business leaders increasingly see cybersecurity as part of their strategic investment plan with 49% of business executives saying that cybersecurity fed into decisions on the countries that they would invest in. Again, this is something that we haven't seen before making investment decisions based on the cybersecurity footprint. Second, there's increased interactions. Business leaders are increasingly bringing their cyber professionals into boardroom discussions and meeting them with them on a regular basis. 56% of security leaders now meet monthly or more frequently with their board. And this will help narrow the gap of the understanding between the business leaders and the cyber professionals. Now we do see a few challenges in front of us. One, how do we assess the practical impact of cyber risk? While boards have prioritized cybersecurity, we see that still a challenge for boards to assess the value that they get from cyber investments and how to actually take the recommendations and translate that into actual business operations and business strategy. Second, there's a significant cyber skills shortage. We're a long way from having the cybersecurity professionals that we need. 34% of respondents shared that they have skills gaps in their teams and 14% said they lack specific critical skills needed to protect their organizations. We've seen in other work that the forum does that there's opportunities here for reskilling and bringing in people who haven't necessarily studied cybersecurity or computer science before and also bringing in underrepresented communities as the organizational skills needed in cybersecurity are as important as the technical ones. Now with this, I'd like to actually go over to Julie for our first question and Julie, how should business leaders think about cybersecurity and what actionable next steps would you recommend? Great. Well, I think it's important for business leaders to focus on three numbers. 86, 43, 27. 86% of business leaders, as Jeremy mentioned, believe there will be a catastrophic cyber event in the next two years. 43% of them believe it will have a material impact on their own business, a very significant number. And only 27% of business leaders believe there's cyber resilience. And so the gap between cyber resilient companies and the likelihood of a material catastrophic event is significant. This is a burning platform and we do see that both with the level of investment and also the shifting questions of how you move to more actionable steps. And so we suggest three. First, secure the core. What does that mean? You actually have to in a world where the world has moved online and all strategies lead to technology, the security aspect of technology needs to be built in. It's not easy because technology is not simply running the corporate. It's not about email. It's now in the core of the business, whether it's how you're doing exploration in oil and gas, how you're communicating between providers and payers and health, and the list goes on. And so using clear assessments about whether all technology is secure is absolutely vital, along with consistency. These are not debates about whether or not you should empower leaders to decide which security tools. Unfortunately, that's not how it's been working. So secure the core. The second is address the talent challenge. That needs to be done in two ways. The first way is actually more technology, much of what's done by security professionals today with proper technology can actually be automated with better outcomes so that humans can focus on more of the intel, the human behavioral changes, and learning about the actual business risks and what's needed. That leads to the aspect of training. And the talent is needs to have training. There are not enough people in the world with cyber skills. There's, according to our research, over two million people of the gap. And so training is absolutely critical. The good news, you do not have to create this training on your own. And there's lots of ways you can collaborate with other organizations. The third actual step is a shift in mindset and culture at the C-suite where cyber resilience equals business resilience. What does that mean? Well, very practical step. Every month, when I review with my top leaders our business results, we review whether or not we had any cyber incidents. It's a concrete change that we made to be clear that cyber is the same as financial performance. And so thinking about your own culture, your own processes, what has to change so that your entire C-suite understands cyber resilience equals business resilience. Those are the three actionable steps that every company can take tomorrow. Thank you. Thank you, Julie. You're going to move in over to you. The outlook suggests that the nature of cyber threats is changing. For more of what you see, what does this mean for cooperation to fight cyber crime? Yeah, thank you. And good morning, everyone. Indeed, the impact of cyber threats and cyber crime on international security is increasingly severe because it is increasingly complex. So one of the key terms here is cyber crime as a service where everyone in the underground economy is able to purchase or rent the necessary tools to conduct a cyber attack. And as we know, there is not a single country, not a single region, not a single company that can tackle the threat on its own. It really requires cooperation. And that is exactly what the World Economic Forum is about. This is a global threat, not a surprise. It calls for a global response and it calls for enhanced and coordinated action. We are in law enforcement in ourselves. We are dealing with a problem of fragmentation because there are so many actors, which on the one hand is positive. On the other hand, it not only leads to duplication, but it also risks that relevant information in connecting the dots and identifying criminal networks who are exploiting IT systems are not being dismantled and we are not able to provide as Interpol investigative leads to our member countries police service. A recent survey conducted by Interpol last year has shown that cyber crime remains a top priority all around the world in all Interpol regions. And we are bringing 195 member countries together. And it's definitely also a top priority for Interpol. The complexity of cyber crime is compounded and just to illustrate one or two of the problems by the silence of victims. So we know too often victims remain silent for a number of reasons, including a reluctance to reveal a vulnerability and negatively perhaps affect the reputation. For instance, of a company. So either your private citizens or your company, you are considering various elements, whether you should report to the police or not. There is perhaps a lack of a clear anonymized reporting mechanism for victims to alert their service providers or law enforcement. And we can only take action if we are provided with the necessary information, which in today's world, of course, regularly sits within the private sector. We also know that data on attacks can remain in silos in national law enforcement agencies and industry incident response teams, either because there is a lack of an kind of exchange channel across sectors or because they are on to the next crisis. And we are discussing here in Davos the phenomena of poli crisis. So the C C Swedes are dealing currently with a lot of crisis in parallel. And we know that industry experts may not be aware of who to contact in law enforcement, for instance, to safely provide sensitive information that can be the beginning of a successful police operation to get the cyber criminals behind bars. There's also a sense that cyber crime and cyber and able crime is too complex and that the chance of getting any investigative results is too low. Hence sharing data is sometimes seen as pointless. I think a lot of success story we are having also based on the cooperation here with the Center for Cyber Security, our close collaboration with the private sector has been indicating we are, we can be successful if we are provided with the necessary information. So a case in point was the recent Interpol Coordinated Operation which mobilized law enforcement in 14 countries which illustrates the dimension of cyber operations across four continents in a targeted strike against a group that is called Black X and related West African organized crime groups currently here in the media also in Switzerland. The operation resulted in 75 arrests, a further 70 suspects identified and more than one million euros intercepted in bank accounts through our anti-money laundering rapid response protocol and that illustrates the link between cyber crime and financial crime and money laundering. In fact, in 2022 alone Interpol helped our member countries intercept nearly 200 million euros in criminal proceeds. That's on the one hand a success. On the other hand, if we see the huge profits that cyber criminals are making it still, it must be an encouragement for all of us including the private sector politicians law enforcement to do much more. The key to winning the battle against cyber crime, if I may phrase it like this, is of course to work together to make it a priority across the geopolitical fault lines and with stronger platforms that encourage public private sector cooperation like the platform that the World Economic is providing and connecting with Interpol that represents global law enforcement. The cyber crime atlas initiative is a step absolutely into the right direction, absolutely necessary, encouraging also private industry to do more to anticipate and mitigate the threats because it's a very dynamic situation. The criminals are investing their huge profits into new tools, into their sophisticated tools and we have to make sure that we keep pace but also that we are further developing the global architecture of security because I repeat myself it's a global threat like other global threats that are currently discussed here and only if we are building the bridges between the silos that still exist specifically between law enforcement and the private sector, moderated also by the World Economic Forum, we can be more successful. Thank you. Thank you, Jürgen. Mikesh, we saw in the report the rise and awareness of the risks here and also the comments from Jurgen the financial implications of this and there's this tendency for CISOs to always ask for more investment so how should how should leaders think about assessing their investments and getting the most return from the cyber investments they make? Well thank you Jeremy and thank you for having me everyone. Look the report is encouraging, it's encouraging because we have accumulated a lot of cyber debt over the last few decades where we have under-invested in cyber security because we honestly never expected all of our technology and systems to be interconnected around the work. As Julie highlighted everything is connected pretty much it is the technology of the core of the business and we have not invested in cyber because the returns to your point have not been understandable and the threat has not been as visible as it has been recently. So it's encouraging to see in the report that C-level executives, board members, senior leaders are aware that there's a problem. That's the sort of part we have to work on collectively is nobody seems comfortable that they have it under control and I don't think this cyber debt that has been created goes away in a short period of time. I don't think the reliance on technology is going to go down anytime soon. I expect more business will spend more time, effort, energy and make technology core of the enterprise. I think towards that end it's important to both understand the business risks and treat it in a way like you treat every other risk is what is my ability to recover from that risk and how secure do I feel? Which highlights some of the things with Julie again which says go back and invest in your core technology, make sure that you understand that every part of your business is secure, make sure that you are leveraging the industry as well as public-private partnerships to understand that when you end up in a scenario where you need to go create some remediation that you have all the eyes dotted and teeth crossed and you're sharing your data early so when it comes down to remediate you are in a position to go and remedy the problem as quickly as possible. Which brings us to the topic of cyber resilience. I think as Jurgen highlighted most organizations are reluctant to highlight when something has happened because of possibly you know more business interruption threat because there are more bad actors will come flock to you if you highlight too early that you have vulnerability there is obviously the reputation risk that is associated with any cyber activity but I will tell you the activity is rampant there are thousands of organizations that get attacked and end up in some cyber scenario every year and that's a large number and I think the only way to get around it is both a long-term plan to re-architect your cyber security architecture to make sure you're getting more for less and that requires you to think about automation it requires you to think about consolidating traditional strategies of using multiple vendors using best-to-be solutions from a lot of people and stitching it together is no longer working and I think the report is a bit sort of bifurcated on the idea of should we rely on in-house resources or go partner with third parties I recommend work with specialists because this is what they do for a living so in that context I think it's encouraging we have a lot of work to do and I think we all need to aspire to make our organizations more cyber resilient thank you thank you Nikesh Prime Minister Rama we see this expectation for a catastrophic cyber event from over 90 percent of leaders in the cyber sector Albania was directly at the center of a cyber storm if we may what lessons can we take away from that experience particularly for political leaders thank you for for having me here and I'll try to be helpful first of all because of the event you mentioned we're obliged to start and learn more about it and one of the facts I learned is that if cyber crime would be a state would be the third global economy after US and China in 2015 the overall measure of its potential its power was 3 trillion in 2025 this is forecasted to 10.5 trillion so if we think back in terms of one virus COVID-19 that created such a disruption and needed so much interaction and so much common efforts let's let imagine an exponential multitude of viruses that mutate every day exponentially while not threatening our body but the bodies we live in our organizations our countries our systems then you know it could be just apocalypse and it's about it's about viruses that can not only block our way of living but can control it and can deviate it so can use our systems like God forbid our air transfer systems to hit us back and imagine if there is a cyber attack on our air transport systems that turn huge number of airplanes that are flying in bombs so what we learned is that this is something that it's absolutely naive to think that every country being poor being powerful or being not being rich or being not can take it in its own because what we are seeing in our daily struggle we are under attack since last summer from Iran and it's it would be complicated for the audience to explain why but we are under attack and would and we have coalized with few other friends friendly countries that have the same you know the same threat coming from the same source and that are more developed than us in terms of cyber defense that weapons if I can use this word but because they are real weapons at the end so logs and codes that are used to attack us represent for our allies novelties so it's also a way to learn what new weapons are being used in daily basis and to prepare against them and I can't imagine how the world I mean the the institutional world organized world being in public sector or in private sector can survive it without a large large large coalition so what we learned from the traditional crime in Europe is that traditional crime has created a much more functioning EU than the States because they are they are very much interconnected they don't have never ending summits and and meetings and they don't have vetoes to stop them from doing anything in the meantime that the EU itself has to struggle to create convergences and to create cohesion in common action we saw it during pandemic so at the end there is also another thing for the public sector this is really challenging on one end because it's a matter of resources so imagine Albania with its GDP with its development that has made an exponential step to turn from a country that was very much based on paper and on bureaucracies and on bribes in a country that is today 95 percent of service online which is the bless of technology for for not developed countries to make jumps that otherwise you would need decades but at the same time is the curse of technology because you are totally exposed and now we are exposed vis-à-vis a power like Iran that come on it's not it's not something we can match in terms of finance in terms of ruthlessness in terms of anti-democratic behavior and so on to now have to invest much more so for the governments to invest in what will happen is one thing but to invest in what should not happen is another thing because at the end we have to get to get elected okay so china maybe has a much much more comfortable position because they can think quietly about the next hundred years but if you have midterms in Albania we don't but if you have midterms you have to think about the next two years and you know and all the all the you know chaotic politics that is superposed to what is happening in the cyber crime world is very very worrying so the question is how much the the the world will come together how much the countries will come together how much big and small rich and not so rich will realize the need for each other because if not for everything else Albania now is a very important laboratory to realize what's next thank you prime minister i realized we started a few minutes late so if the panelists will give a few extra minutes i know we probably some questions from the journalists in the room if you can identify your organization your question and also you'd like to direct the question to thank you i'm fabrizio goria from the italian daily last time and i have a question for mr stock as you know um one of the most wanted mafia mobster matia mesina denaro was caught and now is in custody and as you know the mafia was updating itself to the cyber crime the can we consider this capture as a success or as a win for the eurozone and europe thank you yeah very briefly it's definitely a great success after having been for i think 30 years on the run and we get insights now on how intensive investigations have been definitely a success we are very grateful to the italian government they are supporting a project within interpol that is called i can that is targeting that i get up primarily and we know this is an example for a very dynamic group that is using every risk that we are discussing here in the context of risk as an opportunity for criminal activity to become richer thanks to that work an interval providing a platform for all those countries that have identified tangeta as a problem we are able to provide analysis that leads to investigative leads that have also led to a significant number of other arrests and even um providing some countries with the information we have not yet been aware that they are having a problem with organized crime italian organized crime or other organized crime so definitely a success and a role model for the need to provide a global platform like interpol that helps collecting all the intelligence that is available and translating that into investigative leads that lead to arrests and the seizure of the illicit procedure of crime we know the optimists are saying around two to three percent of all the i think the two trillion that are every year laundered through the uh through the legitimate economy the financial system are being seized by law enforcement prosecutors police and and courts at the end of the day the pessimists are saying less than one percent so we know we have to do a lot more to get behind the money that they are making and as the prime minister said these groups that are developing hacking tools are incredibly rich we have no idea how much hundreds of millions or even billions they have made during the last couple of years with these ransomware attacks and with ransoms that have been paid it's a huge challenge for us and that perhaps requires a reconsideration also of political priorities to put more resources you mentioned um Jeremy cybersecurity shortage that is a big problem for for a lot of interpol member countries right thank you uh question here in the corner good morning to all i'm fabrice nodel angla from the french newspaper the figure oh my question is for eddy rama you know bonjour eddy um can you share with us for those who have not followed too closely the the attacks some of the very uh concrete uh impact that your your country um uh experienced and what were the your quickest response what were you able to do i avoided in the introduction introduction because it would be uh complicated uh for for for the time we have in our disposal in davos you can be late in starting but you cannot be late in ending because others have to get the room uh so i'll try to be uh as synthetic as possible so what what we have done uh it's that we have uh um considered the technology as our safe uh saving both to get from level of uh administration that was very much contaminated by uh by endemic corruption in terms of bribery to a level where the direct contact between citizens and public servants and offices was eliminated through uh through online interaction so we succeeded to become from a country that was uh was really in in the ditch in these terms in a country that sees today uh eighth in europe and uh somewhere between 16 and 17 worldwide based on the un chart in terms of uh digital public services and it's exactly where uh where the attackers aimed to to to hurt us by uh practically uh uh aiming to wipe out completely our digital infrastructure and to completely uh erase our data in terms of uh public uh services it was very very disturbing because for for several weeks we had to it was like an incredible war happening uh in the in the web uh 24 seven many people engaged in the trenches to push back and we succeeded practically to survive this attack uh by not letting letting them do what they were supposed to do and then through a very very thorough forensic that we did together with microsoft threat intelligence team and uh red team of fbi and several others we arrived in a conclusion that uh it was absolutely clear that behind this attack was was a state and namely iran so we attributed it to iran based on facts not just on uh on and uh what is uh what is the other side of uh of the scary uh you know scary uh uh presence in our lives of cyber crime is that it's not like uh entering uh in your house it's not like breaking your house that you have the door broken or you have the window broken and they enter they can be in your house and you don't know they are in your house so it's uh it's penetrations uh and uh in the same time is like ticking bombs you know programming the day and the moment that the bomb will blow until then you may not be aware at all that you are you are sleeping uh on a bomb and uh what we are doing today as I said with our two other friendly countries uh is exactly that uh and we are detecting thanks to also their uh much higher expertise we are detecting exactly what are the movements in the dark that otherwise no one would be aware of and uh we are very much uh very much preoccupied or to to raise the the the awareness on the private sector about the danger and to make the private sector enter in cooperation and in interaction with the government also in terms of contributions so uh it's not it's not at all an easy exercise but uh it's the new world so uh uh I hope uh the prophetic uh the prophetic uh sentence of Michelle Ocar will not prove uh itself to be to be true in the in the in the long run when he before dying he said I'm very very uh I feel blessed that I was uh I lived in the time internet was born and I feel blessed that I'm living this world before before internet will destroy it good thank you prime minister I'm going to actually uh also the prime minister mentioned the need to stay on a schedule here uh we are in switzerland after all uh if you have questions uh further questions or recommend to see if any of the panelists are available following the session here I'd like to thank our collaborators for their support uh both Accenture for the work directly on the report at Palo Alto Networks for the broader support of the Center for Cybersecurity the World Economic Forum our partnership with Interpol and also the prime minister for his participation and sharing the experience here today I welcome everyone to go more depth the report it will now be available online and thank you for joining us here today