Enterprises share intelligence together, or get breached individually
The increase in cyberattacks, especially from nation states targeting critical infrastructure, government agencies, and corporate intellectual property, is fueling the motivation for more cybersecurity information sharing. Earlier this year, President Barack Obama signed Executive Order -- Promoting Private Sector Cybersecurity Information Sharing to promote the sharing of information security threats within the private sector and between the federal government and the private sector.
“It will encourage more companies and industries to set up organizations -- hubs -- so you can share information with each other. It will call for a common set of standards, including protections for privacy and civil liberties, so that government can share threat information with these hubs more easily. And it can help make it easier for companies to get the classified cybersecurity threat information that they need to protect their companies,” President Obama said at the Cybersecurity and Consumer Protection Summit at Stanford University.
Interestingly, our survey found that organizations that don’t collaborate reported that a lack of data sharing processes and standards was holding them back. The executive order hopes to change that with the creation of Information Sharing and Analysis Organizations (ISAO) that are broader in scope than the current, industry-specific Information Sharing and Analysis Centers (ISAC). The ISAOs will include cybersecurity sharing among specific industries as well as for specific geographies and security events as needed.
“Without effective information sharing, there is no way to know what is actually going on. We can never know if the grid is under attack, or what to do if it is. We can never know if it is just our own problem [within a single organization] or something broader,” said Chris Blask, director of Webster University's Cyberspace Research Institute.
Cyber insurance gains some momentum
If the busy history of data security breaches has taught us anything about cybersecurity, it’s that enterprise security efforts certainly reduce the frequency of cyber attacks. And they may also mitigate the damage done by thieves and attackers, more often than not. But data breaches are bound to happen. Enter cyber insurance. While cyber insurance has been around for decades and hasn’t managed to grow into more than a small niche, the idea is finally starting to take hold. Cybersecurity insurance is one of the fastest-growing segments in insurance. PwC forecasts that the global cyber insurance market will grow from $2.5 billion this year to $7.5 billion by 2020.
This year’s survey found that 59 percent of respondents have purchased some level of cyber insurance. Currently, such policies commonly cover data destruction, denial of service attacks, theft and extortion; they also may include incident response and remediation, investigation and cybersecurity audit expenses. Other areas of coverage include privacy notifications, crisis management, forensic investigations, data restoration and business interruption.