New U.S. Cybersecurity Report: Most American Businesses Are Unprepared
Are you prepared if a cyber attack occurred at your business? Are you prepared to pay the ransom if your cybersecurity was compromised?
A new government report on cybersecurity warns that America is truly under prepared for cyber attacks and calls for the creation of a federally-funded center to develop cybersecurity insurance certifications and a public-private partnership on cyber risk models.
The report uncovers the nation’s lack of policy toward cyber attacks and highlights evidence that, even though most American businesses are at high risk, few have cybersecurity policies or specific cybersecurity insurance.
“Our country is at risk, not only from a catastrophic cyber attack but from millions of daily intrusions disrupting everything from financial transactions to the inner workings of our electoral system,” says the report from the Cyberspace Solarium Commission.
The commission advocates a strategic approach to cybersecurity that it refers to as “layered cyber deterrence,” which has the goal of a “reduced probability and impact of cyber attacks of significant consequence.”
The proposals include six solutions: reforming the U.S. government’s structure and organization for cyberspace; strengthening norms and non-military tools; promoting national resilience; reshaping the cyber ecosystem; operationalizing cybersecurity cooperation with the private sector; and preserving and employing the military instrument of national power.
According to the report, American business and government are “dangerously insecure in cyber” and increasingly relies on networks of digital devices that are vulnerable, if not already compromised. “The status quo is inviting attacks on America every second of every day. The status quo is a slow surrender of American power and responsibility,” says the report.
The report says the country has lost hundreds of billions of dollars to nation-state-sponsored intellectual property theft using cyber espionage and that a major cyber attack on the nation’s critical infrastructure and economic system would “create chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest, and hurricanes in the Southeast.”
In addition to its insurance proposals, the commission also recommends a new cybersecurity bureau in the State Department and a national data privacy protection law.
The commission’s more than 75 recommendations include several in the area of insurance.
First, the report calls on the Department of Homeland Security to launch a federally-funded research and development center to work with state regulators in developing certifications for cybersecurity insurance products as well as for underwriter and claims adjuster training. According to the report, this center and certifications are necessary in part because the insurance industry lacks the talent and pricing tools to improve the cyber risk management practices in the private sector:
The report calls for a public-private partnership on cyber risk modeling in which a DHS public-private working group of insurance companies and cyber risk modeling companies would collaborate in pooling available statistics and data for use in developing better, more accurate cyber risk models. This group should “identify areas of common interest so that these entities can benefit from one another’s risk modeling efforts, particularly with regard to dependency mapping and the consequences of cyber disruptions.”
Are you prepared if a cyber attack was to occur at your business? Are you prepared to pay the ransom if your cybersecurity was compromised?
Let’s set up a time to discuss if you are at risk and what protecting your business looks like. Call or email me today!
Originally published by Insurance Journal