We have been discussing cyberwar for many years now, and there is no shortage of people willing to dramatize and embellish the topic.
However, the cyberwar narrative, often sensationalized, isn't so far from reality. As we continue to exist in a digital era, cyberwar is an ongoing process, subtly shaping the every day interactions and challenges organizations face. The advances in automation tools like ChatGPT could become catalysts as more cybercriminals find innovative ways to exploit them.
The State of Cyber Risk Insurance
A recent Forbes article titled “The cost of cybersecurity insurance is soaring–and state-backed attacks will be harder to cover” paints a grim picture. It uncovers how cyber insurance companies refuse to pay for attacks attributed to nation-states or state-sponsored entities, citing them as 'acts of war.' The catch-22 lies in the difficulty of attributing attacks, making it almost impossible for organizations to prove their claim.
When the difficulty of being compensated for the damage is combined with the increasing hesitance of insurers to make policies available and the requirements of providing evidence that the applicant for the policy is already following best practices, many organizations are in a lurch. How should they invest efficiently to be protected and also have insurance coverage? This shift points to the importance of early warning systems.
Cyber insurance issues leave organizations potentially stranded when dealing with cyber risks. With cyber-attacks no longer a matter of 'if' but 'when,' a significant shift in approach is required.
Early Warning Systems: The Beacon in the Storm
We already use early warning systems globally to help us avoid potential disasters or situations we know will keep coming. A perfect example of this is the weather. Although it is largely unpredictable long-term, we have early warning systems to gather enough data to determine when something terrible is about to happen on the weather front. It is never 100% accurate, but it is close enough that we can gather enough information to determine what course of action to take and prioritize to minimize the damage.
Given the growing cyber threats, early warning systems might be our most practical option. Relying on hope and insurance coverage is no longer viable - if it ever was. In the face of cyber threats, prevention is indeed the best cure.