CEOs and governments should treat digital security as an economic risk


01/10/2015 - Digital security risk should be treated as an economic rather than a technical issue, and should be part of an organisation’s overall risk management and decision-making, according to a new OECD Recommendation to member countries.


A global, interconnected, open and dynamic digital environment brings considerable business and economic opportunities - and holds even more promise as the Internet of Things and Big Data become pervasive. But countries and businesses are increasingly exposed to digital security threats that are growing in both number and sophistication.  


The OECD Recommendation on Digital Security Risk Management says that leaders and CEOs in the public and private sectors should take specific responsibility for the issue and integrate it into overall planning, rather than treating it solely as a technology matter.


“Digital risk cannot be eliminated, and a totally secure digital environment is impossible if you want to reap the economic potential it opens up,” said OECD Science, Technology and Innovation Director Andrew Wyckoff. “But digital risk can be managed effectively. The leaders of an organisation are best-placed to steer the cultural and organisational changes needed to reduce this risk to an acceptable level.”


The OECD, whose last Recommendation on digital security was in 2002, offers eight principles to guide digital security risk management, including on the responsibility of different actors, co-operation between stakeholders and the role of innovation. It recommends that countries adopt national plans to identify measures to prevent, detect, respond to and recover from digital security incidents.


You can download the full Recommendation here:


For further information, please contact Catherine Bremer in the OECD Media Office (+33 1 4524 9700).


Related Documents