A new report from the IBM Institute of Business Value outlines four key steps for government organizations to take to strengthen them against cybercrime.

The report says cyberattacks increased almost 100% in 2022 from the prior year, with an average cost of more than $2 million in damages for successful attacks. The report was inspired by the Biden Administration's National Cybersecurity Strategy announcement in 2023, with IBM hosting events in Washington, DC and Rome, Italy in coordination with the National Academy of Public Administration and the Center of American Studies to discuss the issues.

The four key steps the report outlines are:

1. Increase the cyber talent resource base. “Cyber skill shortfalls impact a broad set of disciplines, including analysis and engineering, software development, threat intelligence, penetration testing, auditing and consulting, digital forensics, and cryptography,” the report states. It estimates a worldwide shortfall of 3.5 million people in these areas.

2. Improve organizational collaboration for faster response. “Despite recent progress in improving public-private coordination, increased cooperation between cyber attackers continues to be an ongoing threat,” according to the report. “Threat actors are developing and promoting criminal infrastructures and services that hostile governments and gangs can use for illegitimate purposes. Bad actors are also adopting new technologies quickly to penetrate networks and thwart efforts to contain threats, which can be difficult to counter when those efforts depend on coordination across entities with differing standards, missions, and priorities.”

3. Align public and private sector cybersecurity priorities. Focus areas should include emphasizing recruiting from a wider array of backgrounds for the cyber workforce, sharpening focus on security innovation as a competitive advantage, supporting zero-trust frameworks that assume network security is always at risk to internal and external threats, and institutionalizing continuous and pervasive cyber education from.

4. Study ways to bolster democratic institutions against cyberattacks. “(Cyber)attacks are designed to influence public support and involvement in electoral, legislative, or regulatory processes and include attempts to steer public opinion or undermine democratic norms of behavior,” according to the report. “While the primary objective of these overt or covert campaigns is to sow confusion and promote social discord in the near-term, participants recognized that longer-term efforts could succeed in swaying public opinion.”

The report is available for download.

Image from IBM Institute of Business Value.