 afternoon, everybody. Welcome to our final press conference here of the 2019 annual meeting of the new champions. I have the great privilege of introducing a brand-new report written by the Center for Cybersecurity along with some very important partners. It's called Incentivizing Responsible and Secure Innovation, Principles and Guidance for Investors. So I'm joined by a very distinguished panel. I'm going to introduce them all and then they're going to make some brief remarks. And then we're going to open it up to questions. I've got some questions I'm going to ask. There's a couple of people in the room here probably have also some questions. Cybersecurity is a very hot topic, so it should be very informative. 30 minutes. So we have Allie Swingy, the head of the Center for Cybersecurity here at the World Economic Forum and a member of our managing board. We also have Michelle Zatlin, the co-founder and COO of Cloudflare. And we also have David Lee, executive director of the Shenzhen Open Innovation Lab and Haiyan Song, the SVP and GM of Security Markets at Splunk. So, Alois, I'm going to pass it over to you. Can you give us an introduction to the report and tell us maybe why now is the right time to write it? Thank you, Amanda. Yeah, I think why this, why now is sort of a good starting question. You know, if we look at the Fourth Industrial Revolution, that has brought us and will bring us a host of new technologies that will change our lives, that will fundamentally change our lives. But it will also change fundamentally business models of organizations and actually even it will change how societies will develop over the future. Now, that means that if we now move sort of most of our technological advancement into cyberspace, we're obviously have their vulnerabilities, you know, through cyber attacks because like in the real world or in the physical world, we always had, you know, people who meant well and people who had different intentions. And if we look at the last years, clearly cyber attacks have been on the rise and have started to affect again, lives and companies profoundly. And as a consequence, they're off obviously the trust of people like you and me started to erode or started to get challenged about new products, about new services. And so clearly what we see now is that companies have to treat cyber resilience not anymore as a technical problem or a technological issue, but it's really becoming a strategic issue, a risk management issue. It's becoming a matter of is my business, is my organization actually preparing for the future ready for the future. That means that security needs to become really as the needs to become part of the beginning of any innovation process that I have. If I develop a new product, if I develop a new business model, I need to think now from the beginning on the aspect of security. And at the World Economic Forum, we created two years ago the Center for Cybersecurity. And as we have done for nearly 50 years, the Forum always works with the stakeholders from public sector, private sector, civil society and academia to find solutions to the world's challenges. And here we were asking ourselves how can we actually make a contribution to increase the trust and resilience of innovation processes. And in that regard, we're very proud to launch today this initiative, this report on incentivizing responsible and secure innovation. And we started with thinking about as an investor, when you are an investor and if you look at target companies to invest in, how do you make sure that security is actually as important in that business as other areas that you have observed or looked at as an investor, be it financial, the financial aspect or the talent aspect or the governance and compliance aspect. And sort of we're arguing is as an investor, you need to do this also for targets that you have in your site for acquisitions, for mergers or for IPOs. And we're very happy that we could work with 15, more than 15 partners on this, but also with academic partners. And we certainly have the hope that this might become part of a future industry standard. So maybe that's so much from our side. Thank you. And I think bringing in the industry and bringing in entrepreneurs and experts is definitely a big part of this process. So I'd like to turn to you, Michelle, as an entrepreneur, can you tell us a bit more about your perspective and how that would kind of feed into something like this? Absolutely. Thank you. I could not agree more, Louise, about how online innovation technology has really transformed how we all interact and it's touched every single person. And for the good, I mean, there's just been incredible opportunities created with this. However, as you mentioned, with the good, we've realized there's a lot of risk with all these digital transformations. And I often find that when people sort of say, Oh, wow, we need to pull back. And that's the exact wrong reaction. What you really want to do is lean in because this is not going away. And so I wanted to share a personal story. Nine years ago, I was a student at Harvard Business School and a classmate and I were working on a school project. And I went and talked to a lot of small businesses. And I asked them how big of a problem is cybersecurity for you? And these are the sorts of reactions we got. Online criminals are the scourge of the earth. Web spammers should be in or criminals and should be in jail. Web spammers make me believe in the death penalty. Now, this was a very visual reaction. You just read this and you said, Wow, you don't have to be a cybersecurity expert to be like, there is a real pain point here. The next question was, Okay, what are you doing to protect yourself? And there were no good solutions. They all had homegrown solutions. They felt vulnerable alone. And that's a really isolating place to be. And that's that is the state of small businesses. They, they knew it was a problem, but there weren't good solutions. And so, as Amanda mentioned, I'm an entrepreneur. And so actually, we took that and we created a service. And, and Cloudflare is the whole reason we started Cloudflare was, can we create a cybersecurity solution that would help small businesses, entrepreneurs, developers who didn't have the resources that the large enterprises had access to. And that was the whole catalyst for why we started Cloudflare. Now, fast forward nine years later, we have over 16 million internet properties that that use Cloudflare. I've built a company with over 1100 people and I've raised over $300 million of venture capital. And if I fast forward to today, you know, I've been here at the World Economic Forum this week, which has been amazing, I've been meeting entrepreneurs. And yesterday, I met, I met an entrepreneur who's trying to bring power to a billion people around the world who don't have power. And when I met him, he said, Oh, my goodness, my investors are pushing me, how am I going to secure the smart power in the homes? It's top of mind. And, and he was like, and I don't know how to solve that. I'm passionate about bringing power to these homes to all these people who don't have power to do that. But I have no idea about what to do on the cybersecurity front. I met another entrepreneur who she's bringing emotional intelligence to all the people online. She's like, a lot of, there's a lot of mental illness. I want to help get, get them help. There's a lot of cyber bullying. How can I protect my users? And she's like, I care about protecting against cyber bullying, but I don't know how to do that. And so actually, as I see where we are today, the, the, the, this report could not come at a better time. Having frameworks that businesses of all sizes can use is critically important. It's not just the enterprises. They've always had good solutions. They're going to be okay. Good security is hard, but they have great solutions. But it's how do you secure all the small businesses, all the developers, all, all the entrepreneurs who are just starting out. And, and again, I think this framework is so accessible to both the small businesses all the way up to the large enterprises and one nomenclature, one, one framework, one guiding principle is critical to helping push this conversation forward. And so I am very encouraged. And I will just say the last point about the investor side. We have many investors. They, when we told them that we were taking on this challenge to help small businesses with their cyber security needs, you know, it was really critical to like, you need to take this seriously, right? And so it comes back to how you design your product, the types of people you hire. And again, it's not just the cybersecurity team within your company. It's how do you educate everybody in your company and some of these cyber culture. And our investors really pushed us to think about that. And again, as I met entrepreneurs here this week, I was encouraged to hear that their investors were asking them the security questions to make sure that they were secure to deliver on their promise. And so I feel like we're just at the beginning. This report comes at a great time to help set up the framework to help move the conversation forward and, and, and continue the global conversation. Michelle, thank you very much. David, you represent a tech manufacturing hub, a home of innovation. Can you give us your perspective about, you know, these principles in the report? Yeah, well, I think it's right now the, the cybersecurity is going beyond just the attack on the cloud, attack on the website. Right now, as we have more and more connected device, intelligent device coming to our home, speaker, IP camera, the attack is also can come in into the, the system, not just through the well protected cloud, but this vulnerable system. And today, in terms of creating a new piece of intelligent hardware, we have the narrative being used by the startup and the reality of how they actually happen. So every startup who created a piece of the hardware or invoking the image, imagination of Stephen Jobs in the garage, doing everything from scratch. But in reality, that comes to my city's end zone. Going down the street, pick up the, the cheapest one they can get. With no ideas of where it's originated, who's responsible for the piece in it, who's writing the software. As all they know is that this is the cheapest one doing the job, slap a logo on it, put it on Amazon, and now you get your IP camera. Now things starting to happen. Now we're starting to have the early days of internet coming from, coming into the system. And this small brand has no idea how to handle it because they don't write a call, they don't even have the credibility to who actually wrote the call. Even if you found a company who wrote the call, it's like, well, you're just buying this from me. There's no long-term contract for me to update this, for me to fix this. So we are in a mess right now in terms of the IoT investment for security. So I think moving forward and what we work on a lot is the, we want to open this up to become more transparent, both to educating the investor, the startup, and also the, the public about how the things you put at home, which is streaming your image into some service, how they are making, where they come from, and the second ball is the opening up in this ecosystem. It was interesting I sitting next to Michele and we're talking about my early days. My first internet startup was 95. It would be our own server. We don't have anyone, we have to handle our own security. And by today as a startup on the web space or on a mobile app space, I can lean on companies like Cloudflare to say, okay, well, let me go deliver my value. You take care of my security. And we want to open up that kind of visibility into the device side and hopefully inside investors to say, okay, well, who's the Cloudflare for IoT? And that is the things we are happy to really, happy to see the report is bringing the focus to security, to investment. And hopefully this is the beginning of that conversations. Thank you very much for those remarks. Haiyan, let's turn to you. Can you give us a little bit more of some insights of how investors could maybe benefit from, you know, using these guidelines or using these tools? Of course. Just to sort of add to my panelists points, right, we live in this digitized business world and in the always on connected world. And if I bring that focus to what we do in technology, it's all about cloud. It's about SaaS. It's about API driven. It's about decentralization. It's about consumerization of a lot of things. So what those things means to us is a new paradigm of doing things. And from an investor perspective, this is also an opportunity to start incentivize. I think that's the word. Also guide your sort of invested companies to really do the right things. There's multiple reasons to that, right? One is, I think the report actually talked about that they surveyed a lot of executives, decision makers. And 93% of them basically said, if there is a more secure product, I'm more than willing to pay more than 20% more just to get a product that's secure. I think that says a lot. And we also, I think there's just a news article came out and there's billions of records just got breached through a IoT platform. And we used to talk about hundreds of records, thousands of records, millions of records. Now it's in the scale of billions of records. I think that's getting people's attention. And since we're sitting here in Dalai and China, I thought maybe I'll take this opportunity to share a meaning of a Chinese word. And the Chinese word is wei ji. It actually it's the same word as crisis. So there's two parts to that word. One is danger. The other part is opportunity. And this is really, I would say, almost we have all these challenges that could be considered a crisis. We don't have enough people. We have all this new technology. But just like Michelle was saying, this is an opportunity. If you pull back, then you're going to lose. If you actually face it, and this is really what leadership 4.0 is all about. It's take this opportunity and do something different. And from an investor perspective, just like on their investment, I think there's two purposes. First, they want to look for ROIs. If you do security right, you have a much broader access to market. It's already happening in the cloud. Do you have SOC? You know, two compliance. Can you do FedRAM? If you have those, a lot of customers will buy. If you don't, they would walk away. And if you think about in the world of security, this is also about protecting your investment. If you're an investor, you're investing in a startup, and they didn't think about security from the get-go. In the new world of API and design, sort of with security from the get-go, you don't get a second chance. If you don't do it right, you don't get a second chance. That's about protection as well. It's not just the business, but it's your investment. Thank you very much. I think there was a lot of information. I want to take the opportunity. I know we have a couple of journalists in the room. If you want to ask a couple of questions, I know I have a couple. I've been kind of taking notes as we've been going through. But just show of hands and David in the back can help. And just tell us what your news outlet is as well. Okay. Thank you everyone. My name is Yudora Wang. I'm a reporter from China Money Network based in Hong Kong. So I have a question for Mrs. Song. You mentioned about why it is so important for those small startup companies to have a cyber security solutions. I'm wondering in the Chinese market, what do you think for those startups operating and developing in the Chinese market, how many of them are actually using the cyber security and how much of them are still ignoring it? I probably don't have all the stats, but I would say definitely China in many ways has been in the forefront of cyber security. I go to the DEF CON, which is the hackers conference that happens in Vegas every year. And more and more I see the teams from China presenting and competing. So I think that awareness is absolutely there. And I think a lot of companies, especially when they try to provide their services to the product globally, they need to provide that assurance that they take care of security, they take care of privacy. So I think more and more of them will do that. I don't have the stats at hand. I can add anecdotally add on. So when we started Cloudflare, we used to track who was signing up for the service. Originally, our largest market was from the United States, small businesses. Our second largest market were Chinese companies that were signing up for Cloudflare. And that was early on. No one knew us. I mean literally this is eight people in a room in San Francisco on the third in Townsend. And we had launched, there was no media cover, no marketing dollars. We just we had built this service and somehow these small businesses across the world were our second biggest market. And so I think that says a lot to the number of small businesses there are around the world. I think they're the lifeblood of a lot of economies. And again, the lack of solutions. And when there was a solution, again, there was a great demand and they were like, we need this. And so, you know, and today it becomes, it continues to be a big market for us. And so I think anecdotally it just, I just wanted to add on to what you guys said. David, anything to add to that? I think the idea comes from the concept of the Chinese scrappy. But one thing you're starting when you understand the Chinese ecosystem, Chinese companies like to lean on the partners to take care of the non-essential or not essential for their core business. Not their competitive advantage. They know they are terrible in cybersecurity. That's how they lean on. Call for air that fast. Same thing is also happening in the hardware space. So it's good to recognize that security is not, security can be obtained with proper cooperation. Not some hero hikers in-house who's going to do all of them. Thank you for your question. I think there was another question right in the middle. Hello, allow me to raise the question in Chinese. I'm from a China development network and the China NDRC. When we talk about cyber security, it is related to the cyber space or virtual space. So talking about cyber security, it is like keeping the word safe in the cyber space like public security or the legal system in the real world. It is quite complex for your report. When you refer to cyber security, how do you define it? Is it a methodology or a strategic guidance? Could you clarify and how do you define your report? Thank you. So the question for those who didn't have the headphones on is how do we describe cyber security? How do we define it? And then talk a little bit more about that in relation to the report. Who wants to jump in? Shall I give it a try? Yeah, start us off. I think we're not going to make much progress if we have an intellectual debate about definitions. I think in this discussion, I sort of like to go back to a picture of drinking water. You know, 200 years ago, it was very dangerous to drink water. And you know, millions of people got killed by drinking water. And then sort of about 150 years ago, society started to realize they have to do something about it. And it was actually a multi-stakeholder effort to make sure that nowadays we can open a tab and what comes out is mostly safe drinking water. We had urban planners who were designing cities so that actually we had pipes for safe water and for unsafe water. We had chemists and pharmacists who were thinking about what do we need to do actually to prevent people from getting ill from water. And actually we had to also educate people, you know, what do you need to do when you're not sure about the safe drinking water. And so for me, actually, the conversation we're having is very much sort of like 150 years later, how do we make sure what comes out of the plaque there or out of the air, you know, is as clean and as safe as the drinking water. Now you made an interesting point with regards to laws. And I think let's acknowledge for a moment that lawmakers will not be fast enough to keep up with technological developments and change. And I think what we try to accomplish with this is that a industry community in that moment is the investors sort of develop like their own rules or develop their own principles in order to create a more and safer environment. And I think that's really at the heart of the efforts of the World Economic Forum. And this report or this initiative is one of those examples where we'd like to make a contribution to a safer cyberspace. I was going to add, I think the other, I see a lot of the value that's being encapsulated in the report, it's also just provide a unique angle to think about as an investor what you should be doing, you know, we know investors, especially I come from Silicon Valley, they're the ones who really provides a lot of the fuel for innovation. And we're basically saying from the investor perspective how do we help them and incentivize all those innovations and incentivize people to do security by design and not doing afterthoughts. I think it's not particular to either network security or endpoint security, it's just about cyber security in general. David, any additional points to add? No, I think some panelists did a terrific job. I love the drinking water analogy. Yes, I'm definitely going to use that again. It's very clear. Yeah, good multi-stakeholder example. Yes, very good. And a history lesson too. Right. Everyone wins. Oh, we do have another question in the front row. It's more of a suggestion is that in the startup community, if you could isolate certain checkpoints because it's very difficult to reach all this, you know, hundreds of thousands of startups around the world. But I think if you could work, you know, because most of these startups will be, as you said, will be consumer based app based startups. So if you could work with Apple on the Apple Store and we could work on the marketplace with Google to enforce security before they are being able to publish them on these platforms, then you have a gateway where everything gets channeled because for these startups to get access to consumers, they will have to go and be approved by Apple and by this. So working at these gateways, I think, would enforce because they will have no ability to launch if they don't get past that checkpoint. So now what you are doing, you are doing a containment. So, you know, we need work at the grudst route with the investors with the startups, but that's going to take time to, you know, to trickle down. But I think until we get there, maybe as well equally, we need to work with the people who allow the startup to publish these applications online. I don't know if that is something that you are thinking about. Maybe I can quickly react to this. This is not something we're currently looking at. However, what you touch on is how can we create incentives in the market that, you know, the market starts to think and act responsibly when it comes to cybersecurity. And there's another area we're working on, actually, with insurance companies. Because when you want an insurance either for, you know, a cyber insurance or you want a sort of insurance for any business continuity insurance, if you wish. If insurance companies start to, you know, explain what they expect either to make sure that you qualify for an insurance or if you do this and that your premium will go down or if you don't do this, your premium goes up. I think that's another mechanism also to drive such behavior. I'll just, I can just add, you know, I think that if you today, and it has been for the last, you know, many years, decade, and today, cybersecurity is really top of mind for a lot of folks because of what we just talked about. And again, it impacts every single business, small and large, every government, every non-profit, and citizens around the world. I think the question is to ask ourselves, where are we going to be seven years from now? When, where are we going to be 10 years from now? And my point of view is we're going to be in a much better place because of exactly what you said. I think that their security is going to get much built into the products. There's going to be much more intrinsic product security so you can get to the point where the water coming out of the glass is safe to drink. And then you're going to have large companies, whether it's Cloudflare or, you know, Google Cloud or whatnot, where they have security built into their services, Splunk. And together, I actually think we're going to need a much better place seven to 10 years from now. And so the question is, how do you get from where we are to there? But I think that that is the future. And that's why at the end of the day, I think things, I'm optimistic for the future if we can get through the next couple of years. Right. Yeah. I think this brings up also a very interesting point about some of the opportunities that Fourth Industrial Revolution technologies provide is that there are all these ways to shortcut and actually leapfrog the processes. And I think one kind of final question I'd like to post to each of you and give you a moment to make a final comment is, you know, another aspect of the 4IR, the Fourth Industrial Revolution is how quickly things are evolving and changing and how sometimes it's hard for people and companies to keep up, especially in the world of cybersecurity. There's all these advances and companies are, you know, doing all these different things. Maybe for your closing thoughts, you could kind of sum up with how can people keep up and, you know, actually take advantage and help shape, you know, the trajectory of the Fourth Industrial Revolution? Who wants to start off? It's a big question. We ask the big questions here in Dalyan. I mean, I'm happy to start and I will not answer too lengthy, but I mean, I think that you're exactly right. We are in a moment of change and this is not going away. And so the leadership that of tomorrow is that you have to embrace the change and it's not just enough to cope with the change. You have to bring it about yourself and those are the best leaders. And I think that's really a definition to me for leadership 4.0 is it's not just coping with the change going on. It's like, how do I drive this within my organization or within my society? And the leaders that can do that will be the most successful. And I think that's really in an important kind of reflection for all the leaders here around the world to say, okay, it's not going away. Am I coping with it or am I really just gonna embrace this? And the second thing I will say which is really important is humans, if you have a high rate of learning, you can learn, right? And it's, you know, you can learn really quickly. There's so many materials online. You're not an expert in cybersecurity. It's not that hard. You learn the basics and all of a sudden, you know more. You start to have a conversation and you knew more. Okay, some of the some of the other things that are shaping other industries just start to learn, surround yourself with smart people and all of a sudden a year later, you know a lot more than you did a year before. And I think humans are incredibly resilient and have, if you have a high rate of learning, very curious individuals, you'll weather this as a leader very well. David, final thoughts? I think this is a really great start to highlight the question and especially when we get into the 4IR, we are going to experience thousands of different sensors around us passing data. One thing though is the, I think after 20 years of internet, 30 years of internet, moving fast and break things is not, should not be the operating principle we have. The, I mean for 30 years we worry about legislation is going to slow down the innovation. But now we are cleaning up the mess, probably taking another 30 years. So we should do, we should try to do the, we should try to do the, this connected device right. Do not resist to legislation. That's the, that's a process. With the, with the, the government be able to come up with a standard, especially with the facilitation of world economy form, having a global standard. Now everybody is coming out with the IoT standard, California is coming up with it, China is defining it and we should bring that up to the table, not to use the same excuse we used 30 years ago. It's the, you are going to slow us down. Let us move fast and break things. We are still living with that consequence today. So we should get it right this time. 4IR conversation, 1IR chair. We're still working on some stuff. Can you give us your final thoughts? Sure. I think digital, it's sort of the keyword when we think about 4IR. So coming from where I come from, I would say, really think about data as the foundational elements of what you do go into the future. And whether it's security strategy, it's business intelligence, it's even automation or AI as the new buzzwords, it all starts with the right data foundation. Well, let me close with the following thought. I think this is a very typical topic for the forum's multi-stakeholder approach. It is one of those challenges that we have as a world that cannot be solved by governments alone. It cannot be solved by the private sector alone. It also requires the support and the creativity of universities. Not only the university as at the upper end, actually primary schools, even kindergarten. So the whole education system needs to play a role here. And last but not least, I think individuals, hopefully with inspiration from different parts, be it private sector inspiration or also in schools, we'll have to sort of react to what's going on around them. So really, I think it's one of those challenges that probably together we're going to solve in a matter of years. It's not going to be a fast solution, but I share Michel's view that in five to 10 years, we're going to be in a much better place. Well, that was a much better way to end than what I had written down on my notebook. So Alois will be doing all the press conferences next year. Thank you very much to our panelists. Thank you for your thoughts and insights. Thank you to our journalists in the room asking the questions. And thank you for those on live stream. Signing off, this is the last press conference from the annual meeting of the new champions 2019. Enjoy the rest of your day. Thank you. I'm sorry for the phone.