By Klara Jordan
The Group of Twenty, also known as G20, will meet this year on June 28 and 29 in Osaka, Japan. The group is an international forum for the governments and central bank governors from 19 countries and the European Union (EU). This group gathers the leading digital and industrial powers of the world.
For its presidency, Japan has laid out an ambitious agenda, including topics such as the digital economy, the challenges of aging societies and economic growth, and the reduction of inequalities, all of them with an immediate impact in the European context. Cybersecurity has been a topic discussed at previous G20 summits, however, mostly at bilateral levels.
The Osaka summit will be an opportunity for this group of leaders to jointly reinforce and fully unlock the potential of the digital economy. The underpinnings of our global economy –whether large financial institutions or small businesses – have to be and remain secure in a scalable and affordable way.
Currently, large actors in the financial services sector, as well as small businesses around the world, are being undermined by rampant online fraud and insecurity. In a sector that is still struggling to regain trust and confidence after the 2008 crisis, which hit our continent so hard, sound cyber risk management is crucial.
At the upcoming G20 summit, global leaders should be promoting steps towards the achievement of a stable and resilient digital economy. Beyond continuing to stress at the G20 level that secure digital infrastructure is the backbone of a thriving digital economy, the Digital Economy Ministerial Declaration that will be a part of the summit’s outcomes should reinforce two points.
In the first place, the world’s largest organisations, as well as critical business systems such as banks, payment systems, and stock markets, have to continue to build confidence in their security and their capacity to respond and mitigate any crisis.
At the domestic level, the G20 ministers could encourage and ensure that such organisations, which are the backbone of the global economy, will contribute to minimize the opportunities for consumer fraud through e-mail spoofing. As a basic element of digital trust, consumers need to know that the e-mails they receive are legitimate and not a gateway to phishing attacks leading to data breaches, loss of revenue, or the rerouting of internet traffic to overwhelm networks or to drive users to malicious sites aimed at stealing information or distributing malware.
Recent reports have shown that most of such core organisations for the global economy have not adopted basic e-mail-authentication measures. The Q4 2018 Email Fraud & Identity Deception Trends report from Agari noted that, while 51 percent of Fortune 500 companies have adopted DMARC, only 13 percent of them have set up the DMARC enforcement policies needed to activate the protection. DMARC is an open e-mail-authentication standard designed to prevent fraudsters from impersonating brands in e-mail scams.
In 2017, consumers of a sample of 20 countries (six of them, from the EU) lost an estimated $172 billion through fraud from spoofed domains and other forms of online fraud. GCA’s research shows that the 1,046 domains that had successfully activated strong protection with the GCA DMARC Setup Guide could have saved $19 to $66 million from limiting business e-mail compromise (BEC) for the year of 2018 alone.
Just imagine the enormous economic benefits of a wide-spread adoption of DMARC across the G20 countries. Such savings could then be turned into actual investments to support the global economy and other G20 priorities.
The second issue is that of protecting small businesses in a scalable, inclusive, and affordable way. Small businesses are the engines of global innovation and employment growth, and they make up an important part of the supply chain for large global institutions. The 2018 G20 summit in Argentina recognised that, in order to maximize the benefits of digitalization and emerging technologies for innovative growth and productivity, the G20 should promote measures to boost micro, small, and medium enterprises and entrepreneurs, bridging the digital gender divide and achieving further digital inclusion.
At the 2019 summit, the G20 leaders will have an opportunity to push for a new kind of inclusivity for small business – inclusive cybersecurity, the capacity for small businesses to harden their own defenses by themselves, regardless of their size or their human or technical resources. At the national level, this could translate into governmental action to promote and support the development of forms of operational cybersecurity guidance for those small businesses that lack the capability to translate their security needs into practice. GCA’s Cybersecurity Toolkit for Small Business, a set of free tools designed to immediately reduce the cyber risk of small businesses, is a good example of such action.
Some countries in the G20, in fact, have taken similar action already. In the US, the National Cyber Security Alliance’s (NCSA) CyberSecure My Business program provides a series of in-person, interactive workshops based on the National Institute of Standards and Technology (NIST) framework for small businesses. And in the EU, we have campaigns such as the National Cyber Security Centre’s (NCSC) Small Business Guide on Cyber Security, in the UK, or INCIBE’s Protege tu Empresa program, in Spain. Similar initiatives should be promoted by the Economy and Finance ministers of all G20 countries.
Technological development and digitization will only lead to sustainable global economic growth if the small and large organisations supporting the global economy are safe and sustainable. The G20 gathering in Japan this summer brings an opportunity to reinforce this message collectively, but the actual work will need to take place within the G20 governments, by promoting measures for small and large organisations alike at their respective national levels.
The context of the EU, with a common market (the biggest single market in the world) and, specially, with shared regulations being enforced from the European institutions down to its state members, will offer a perfect scenario for this.
The author, Klara Jordan, is the Director, EU at the Global Cyber Alliance. You can follow her on Twitter at @JordanKlara or connect with her on LinkedIn.