This report contains three sections to help guide investor action on cybersecurity:
- Cybersecurity due care principles for investors. Investors, whether financial or strategic, must understand the importance of cybersecurity when investing and developing the capabilities of their investment. Based on an evaluation of the current challenges that investors encounter with regard to cybersecurity in the course of the investment journey, six principles are proposed to enable investor action in both assessing and developing the cybersecurity capabilities of their investment. Investors should accurately tailor their commitment to cybersecurity, based on their level of resources and time commitment.
- Cybersecurity due care principles: guiding questions. Each of the due care principles is accompanied by guiding questions designed to enable investor understanding. It is vital that investors monitor and develop their own cybersecurity capabilities on an ongoing basis. The questions are designed to facilitate self-assessment on the due care principles.
- Cybersecurity due diligence framework. Cybersecurity due care principle number two recommends that investors conduct a robust due diligence assessment of the cybersecurity capabilities of potential investments prior to investing. The Cybersecurity Due Diligence Framework contributes to an investor’s overall cybersecurity programme, helping to accurately evaluate investment targets on cybersecurity and inform the investment decision.
This report is the first in a series of resources that will be published as part of the World Economic Forum initiative on incentivizing secure and responsible innovation.