Intelligent CIO APAC Issue 19 | Page 26

TRENDING
Murray Mills, Manager – Cyber Security at Tecala
centered around Modern Management. There’s no reason to believe that level of interest won’t continue.
Modern Management is an umbrella term for a collection of strategies, services and software that is designed to help businesses to deploy and manage assets in the ‘new world’. It can be used to protect employees and the devices and systems they are logged into, regardless of what they are doing, where they are doing it from and what they’re working on.
It also ensures that all people and devices requesting authorization to connect to an organization’s network or applications meet appropriate security standards before they can login, and then that they can only access resources that are appropriate to their level and associated permissions.
To some extent, organizations may still be refining what work in 2022 looks like. We see organizations recruiting for fully-remote workers that will rarely, if ever, attend an office. We also see employees prioritizing flexibility over more conventional workplace benefits.
With so many future ways of working still up for negotiation, organizations will need to adapt their approach to Modern Management as well. It may have gotten them this far but will require changes to fit with what the workplace of 2022 will look like.
Security awareness reaches the board
The next two trends are related: the increased visibility of cybersecurity issues within organizations, and liability challenges that stem from that.
This year, more than any other before it, cybersecurity became an issue for the board of directors and C-level executives.
Ransomware’s role in that cannot be under-estimated: executives have now seen enough times the devastating consequences of a successful infection at other similarly-sized and similarly-resourced firms, and are far more aware of the risks and levels of sustainable investment and top-down support required to mitigate against these risks and drive a security-first culture internally.
Other drivers are more direct, such as a proposal on the table to make company directors personally liable for cybersecurity incidents. Directors of Australian financial sector participants also face direct pressure to skill up on cybersecurity: “Boards need to strengthen their ability to oversee cyber-resilience. Ultimately, … boards [are expected] to have the same level of confidence in reviewing and challenging information security issues as they do when governing other business issues,” Australia’s corporate watchdog recently wrote.
The intersection of governance and cybersecurity will only increase in importance. Cybersecurity will be a top-down problem that must be taken seriously and for which responsibility will ultimately sit with the board and C-level executives.
It will become harder and more costly to get cyber insurance
On the other side, escalating ransoms and mop-up costs have cyber insurers de-risking as much as possible. Too many organizations are being compromised and running up multi-million-dollar clean-up bills they expect insurers to meet.
Payouts have halved in some cases, while premiums have skyrocketed; industry body CIAB saw cyber premiums rise 27.6% in the three months to September 30 alone.
At the same time, insurers are trimming exclusions, testing contractual clauses before the courts, and forcing those seeking cover to constantly improve their baseline security capabilities and technology to reduce the risk of compromise.
We have seen during recent cyber insurance renewals that insurance companies are aligning questions to CIS and Essential Eight frameworks. The alignment to frameworks is catching some companies out when asked to provide evidence of MFA enforcement and vulnerability management capabilities for example.
All of which is to say that cyber insurance is a rapidly evolving space both in Australia and overseas, and 2022 will make or break the business models that have brought us to this point. There may be very real ramifications for the ability of organizations to secure cost-effective cover as a result, and that, in turn, is likely to lead to a fresh round of investments in cybersecurity aimed at reducing liability and mitigating against professional and organizational risk all around.