Intelligent CISO Issue 47 | Page 76

Security awareness reaches the board
The next two trends are related: the increased visibility of cybersecurity issues within organisations and the liability challenges that stem from it.
This year, more than any before it, cybersecurity became an issue for boards of directors and C-level executives.
Ransomware's role in that cannot be underestimated: executives have now seen, often enough, the devastating consequences of a successful infection at other similarly sized and similarly resourced firms, and they are far more aware of the risks, of the sustained investment and top-down support required to mitigate them, and of the need to drive a security-first culture internally.
Other drivers are more direct, such as a proposal on the table to make company directors personally liable for cybersecurity incidents.
Directors of Australian financial sector participants also face direct pressure to skill up on cybersecurity: 'Boards need to strengthen their ability to oversee cyber resilience. Ultimately, boards are expected to have the same level of confidence in reviewing and challenging information security issues as they do when governing other business issues', Australia's corporate watchdog recently wrote.
The intersection of governance and cybersecurity will only grow in importance. Cybersecurity will be a top-down problem that must be taken seriously and for which responsibility will ultimately sit with the board and C-level executives.
It will become harder and more costly to get cyber insurance
On the other side, escalating ransoms and mop-up costs have cyber insurers de-risking as much as possible. Too many organisations are being compromised and running up multimillion-dollar clean-up bills they expect insurers to meet. Payouts have halved in some cases, while premiums have skyrocketed; industry body CIAB saw cyber premiums rise 27.6% in the three months to September 30 alone.
At the same time, insurers are trimming exclusions, testing contractual clauses before the courts and forcing those seeking cover to continually improve their baseline security capabilities and technology to reduce the risk of compromise. During recent cyber insurance renewals we have seen insurers aligning their questions to the CIS and Essential Eight frameworks.
This alignment to frameworks is catching some companies out when they are asked, for example, to provide evidence of MFA enforcement and vulnerability management capabilities.
All of which is to say that cyber insurance is a rapidly evolving space, both in Australia and overseas, and 2022 will make or break the business models that have brought us to this point.
There may be very real ramifications for organisations' ability to secure cost-effective cover as a result and that, in turn, is likely to lead to a fresh round of investment in cybersecurity aimed at reducing liability and mitigating professional and organisational risk all around.