KEY ISSUES FOR DIGITAL TRANSFORMATION IN THE G20
2jz0oUm
2jz0oUm
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
If they have not already done so, <strong>G20</strong> economies may wish to consider adhering to the 2015 OECD<br />
Recommendation on Digital Security Risk Management for Economic and Social Prosperity which may offer<br />
useful guidance as governments undertake to develop or revise their national digital security strategy and set<br />
up digital security risk management frameworks. Sharing of best practices would facilitate the development of<br />
these frameworks and their implementation.<br />
<strong>G20</strong> economies could take action to encourage SMEs to leverage the opportunities of the digital environment<br />
for their business and at the same time promote good practices to minimise potential adverse effects. While<br />
different types of SMEs face different challenges, all would benefit from integrating digital security risk<br />
management into their business decision making. Increasing SMEs awareness of digital risk and elevating their<br />
capacity to manage it is critical. Given that SMEs may lack expertise and face resource constraints, larger<br />
organisations, industry associations, the technical community and governments can play an important role in<br />
this area and share their knowledge, skills and expertise about best practices in managing digital risk. Useful<br />
approaches could include the development of SME-specific risk management guidance tools and incentives.<br />
While technical experts and policy makers generally agree that digital security risk and privacy concerns are<br />
changing in scale and require urgent action by all stakeholders, the evidence to support this conclusion<br />
remains often anecdotal and qualitative. With some notable exceptions, the available statistics are often not<br />
sufficiently robust to be used with a high degree of confidence for public policy making. While this situation is<br />
typical of an area which, without being completely new, is still at an early stage of maturity, there are also<br />
some complex challenges related to measuring digital security risk, including data breaches. For example,<br />
organisations may be reluctant to disclose quantitative information about vulnerabilities, incidents and impact<br />
to avoid further exposing their reputation or attract malicious actors.<br />
Compared to other areas of digital economy policy, such as telecommunications policy, digital security and<br />
privacy statistics are still in their infancy. However, organisations and business around the world are facing<br />
similar digital risk challenges. There are, therefore, ample opportunities for countries and leaders in public and<br />
private sectors to learn from one another. In order for this mutual learning to take place, there is a need for<br />
agreed upon and consistent terminology and indicators that can be systematically collected and are<br />
comparable over time and across countries. These indicators would help governments and business design and<br />
evaluate policies and risk management strategies, learn from failures and successes, and promote adoption of<br />
good practice.