“That’s why it has been hard for people historically to drive and invest in security. I think that is starting to change because governments are waking up to the fact that their only influence is through regulation and compliance. The boards are waking up to the fact that this could pose a clear and present danger to them professionally and to the valuation of their organizations,” Kawalec said. “The security profession is growing up and is starting to articulate things not in a bits and bytes feature benefits type of way, but in risk and strategic security posture. It’s a journey, but I think we’re slowly turning the corner.
Despite the best efforts of the government and private businesses, however, Kawalec believes that the probability of a cyber attack occurring against critical infrastructure somewhere in the world over the next several years is “very real.”
“We know the capability is there. We see vulnerabilities occurring on a daily basis and if you look at the World Economic Forum’s list of top 10 global risks, cybersecurity attack and disruption has made it onto the list for the first time alongside financial chaos and global environmental phenomenon,” he said. “Yes, I think it is very possible and we have to plan against that very eventuality and we need to be very cognizant that we’re likely to see that type of disruption. I absolutely believe that in the next five years we will see some very significant steps in that space.”