Anett Mádi-Nátor: C-Level Cybersecurity Awareness – Does the C-Suite Fall Behind in Understanding the Importance of Cybersecurity Services?

Thank you so much. So I, I prepared a little bit of outline for you just to set the scene and set the appetite for my, for my keynote. I will start with the dark side and then I will highlight a kind of shiny side approach. And then I will give you a case study to, to highlight how everything set up. In reality, the dark side, in the dark side, we will talk about a Elizabeth of statistics. I will give you cybercrime value estimations. Then now couple of keywords related to geopolitics hybrid warfare information warfare, and, and the issue that we call cyber called war. Then we will jump to the Chinese side. We will briefly discuss what the EU answers are to this problem, how EU aims to shape the digital future with special regards to COVID 19 issues. And then as I already mentioned, we will discuss how everything translates down. Let's say that to reality.
So first the dark side, I believe the most important issue we have to learn. And we have to take into consideration is that, is that NA data has become a new, let's say natural resource. It has been described several ways by now. One of the most significant ones like data is the new oil and we need to fix it, extract it, refine it, distribute it and monetize it, just like everything else that humans use as natural or non-natural resources. So this is where we start from due to that many people, many experts started to, to monetize data. And one of the related statistics is, is what we can link to Steinberg crime here. I collected a couple of financial data, and these are very important to understand because I, I always try to, to make the sea level a bit more aware about what the difference is between estimations and reality. Now, the first such value that I want you to to sort of remember is that the cost estimates of 20 17, 20 15 were of 6 trillion, which means that the cyber crime cost was considered as to raise to 6 trillion by the end of 2020 or early 2021. Now, what we have now is much less because the real value that we can actually count is down to 3 trillion. The value is, is in us dollars, just not to create any sort of bad message. I do believe that 3 trillion is still a lot.
Let's talk about the amount of data that we have to protect because we process it. If you start from 20 15, 20 17, and you compare the amount of data that was processed that time by the end of this year, the world has to process 50 times more than we did three or even five years ago, 50 times more. The growth is enormous comparing to that. Actually the amount of, of cyber crime is not that huge. Nevertheless, we have issues little bit about the spending cybersecurity ventures, a company, a Gardner Analyst company projected that 1 trillion us dollars will be spent globally on this industry cybersecurity industry between 2017 and 2021.
And that's an estimation from 2016 to at beginning of 2017. Now the validated spending for the same period is 700 billion. So it's a little bit less, but the spending was growing 10 to 20% per each year within the mentioned time, period. Why is that? So behind the scene, and I'm saying behind a scene, because you, you don't see it with your eyes, but in the digital world, what we have is a booming, a very intensive information warfare that works in collaboration with cyber crime. Why do I mention this? Because information warfare is considered usually a political or military issue, but when it's in deep collaboration in with cyber crime, then it's affect, then it affects very strongly, the everyday digital life of every organization, which now has anything run on digital systems.
Now let's talk a little bit about the shiniest side, because this is, this is a very intensive package, but we have to formula. And so that we have to formulate some kind of answer package to that. And within disrespect, the EU is, is quite intensive and quite active for shaping Europe's digital future. We have a lot of regulations, a lot of strategies. And these slides mentioned just a few. I am quite sure that all of you have already heard about the, the, the general data protection regulations. I'm not going into details about it. Hand in hand with it comes the, the directive on security of network and information systems, which is the NIS directive. Now we already have the EU cyber security act act came into force. We also have an agency and strengthened agency, the Anesa, which is the EU cyber security agency this year in 2020, the European cybersecurity certification framework is created hand in hand with that comes the European cybersecurity certification group.
And, and there are two very important strategies we need to mention the digital single market strategy within that. There is, there is for example, the latest highlight, which is about green and digital and, and one of the newest narratives is the digital sovereign for Europe, which aims to create a more resilient EU digital environment. So if we, if we just go back to the previous slide to this one, on one hand, we have a very intensive cyber warfare situation and an ever-growing cyber crime situation that affects the everyday digital life of a sea level who needs to take care of its organizations, digital security. On the other hand, we have bright and shiny agendas.
And how does it turn a little bit down to financial support to the sea level? There is a huge investment package coming in the next investment period for the, for the E environment, which we call multi annual financial framework. It has a huge budget. It goes up to 1.1 trillion euros. So it is very close to the value that we estimate to cyber crime in general. So we have a kind of balance here. We also have a new recovery instrument related to the COVID 19 situation, which is, which is called the next generation EU with a little bit less value. It's seven, 750 billion euros that were run for for three years from 2021 to 2024. So we have a lot of financial resource allocated to how to handle this digital situation. One of the most important or most, most significant such programs is for example, the digital Euro program it's worth more than 8 billion euros.
If you feel necessary, I am very, to happy to share this presentation, because it can give you direct data. If you would like to have a little bit of information here on this slide, I collected a bit more, a selection of further funds and their value as well. This is official data. So you are modern, modern, welcome to rely on this. So this is, this is what the EU offers as an answer to the cyber crime situation, and to create a more secure digital sphere within the EU environment. Now, as, as a kind of, so this is the political agenda package and the strategic slash very high financial agenda package. But what is more important? We need to understand what the situation is at C-suite every day to, to highlight how everything turns down to reality. I prepared a case study for you, which I would like to describe briefly. So let's jump to reality. Let's imagine that there is a cybersecurity project management cybersecurity project, somewhere at a regional bank in Europe, and there are some certain issues with it. I am quite sure that what I am going to describe will be very familiar with sound very familiar to many of you who are listening.
The aim of the project is a functional renewal of a bank card processing system. Okay? So we are talking FinTech here through GDPR. So though GDPR forces security by design and B C I DSS ensures banking, transaction identification, and security. There is no cybersecurity support planned in the early design phase of this particular project, unfortunately, but as time moves on compliance requires requires those documentation elements that ensure that the new bank card processing system will work in a secure way to enable the new development and to enter production phase. So to let the bank card processing system enter to production phase cybersecurity, documentation needs to be developed. Such documentation developed development is considered as the necessary bed and waste of resources by the project management team and sea level who are responsible for software development and for making this thing, enter production, the aim of that kind of setup.
And I would much rather say the aim of the project management team and the C level is to complete the task at the lowest cost at the most minimum time possible. Also this task, especially the cybersecurity one is considered as quantity, task, not as quality one. And the common goal again, is to launch the new system as soon as possible. So here comes the fund once the outcome, in case the cybersecurity service provider points at the security flows and weaknesses, and assumes that such cybersecurity support causes severe delay to finish the process, the managers involved much rather kill the cybersecurity project rather than eliminate the flows of the newly developed system.
What does this all mean? Why is this all happening? What is all hap what is happening in this relation in relation to this, the project management usually continuously misleads the sea level, not communicating real problems and not communicating real agendas as the project is nearing to its end. All participants are eager to secure their personal positions at the organization structure. The cybersecurity project phase delivered at the end of the development process is blamed for all flows and potential delays. So the scapegoat in this situation is usually cybersecurity. The sea level does not have enough insight and does not have enough understanding of the core problems. And so they ask they, they, it's very difficult for them to ask the right questions and what they ask is only traditional old school mindset, and this is what they follow and, and here, and, and this is the situation in which the new system is launching the business functions and the sea level does not have a clear overview of real threat values related to what they actually do.
So to not, not to close my presentation in such a bad mood, let me offer you a way out. And this is where I turned to back. I turned back to the moderator who introduced my keynote this morning. I believe personally, I believe. And I am sure that many of my colleagues believe that there is a way to educate and make the C level aware properly on how to handle such issues. So my takeaway message at this point to digitalizing or already digital CEOs, is to look for security, best practices, to enforce security by design, to allow organization-wide awareness programs dedicated for sea level and to operational levels as well.
And one more point to consider, I believe that the key to success is that security has to be made personal responsibility of the sea level, which is the top management and has to be allocated to individual sea levels to guarantee that there will be attention put on all issues. What does this all mean in practice? If a CEO is already digitalized, it thinks, or he, or she thinks that virtual reality internet of things, artificial intelligence, credit computing, and all these disruptive technologies are not that disruptive anymore, but they need to be operated in a cyber secure way.
A digital CEO is also able to, to have a deep look at what sort of structure, talent, business culture, business processes, technology, and business metrics is needed to understand how much the organization needs to be changed and developed to get adjusted to this new age of customer driven economy and digital driven economy. Finally, one more point to make is that the CIOs and CSOs within the organization has to be risen very close. It's just my timing. Sorry, very close. Or to the top management, or have to be made part of it that enables the organization to, to operate on a much more cyber secure way on my slides. I prepared a couple of additional thought to assist leadership transla transition. So if you are interested, I'm very happy to share this for your further read. I believe my time is off. Thank you for your attention. And I'm very happy to answer to questions if any.