This post is part of our 2023 cybersecurity prediction series.
Jason Rebholz, CISO, Corvus Insurance
Cyber insurers will seek to fuse security data with risk modeling insights.
The 2023 cybersecurity landscape will continue to see the ripple effects from significant changes in the threat landscape throughout 2022. The fallout from Russia’s invasion of Ukraine, the rising threat of MFA bypass attacks, and an increase in hacktivist groups will shift how organizations view risk — a view that has been shaped over the last five years, primarily by ransomware. The shift in the threat landscape is amplified by changing external security perimeters. Boundaries are no longer defined by office network location; the external boundary is now amorphous. It extends to the user account, third parties, and wherever the organization’s data resides. We have entered a time in which networks are formless and data sprawl is near limitless.
This all necessitates the need for true risk quantification of companies’ security controls now more than ever. With that, I expect to see more investment into quantifying cyber risk. This will drive better collaboration and data sharing between security companies. Cyber insurance carriers will lean into partnerships with technology companies to fuse security data with insurance and risk modeling insights. The net result is more accurate risk quantification, which will in turn help keep policyholders safer.
Vincent Weafer, Chief Technology Officer, Corvus Insurance
Cyber insurance will become a core part of understanding cyber risk and building resiliency.
I expect the volume of virtual-first business operations to increase in the year ahead. In turn, cyber insurers will need a deeper and more dynamic understanding of organizations’ cybersecurity risks and IT systems in order to reduce cyber risk and build resilience. By partnering with third-party cybersecurity solutions providers, insurers will gain greater risk insights and leverage these to set new expectations for potential policyholders and help raise their cyber posture.
As digital transformation initiatives accelerate, more organizations will also migrate to cloud-based IT environments. As a result, they must be prepared to face the new challenges in managing and mitigating the cyber risks that accompany digitization. Threats can come in the form of sophisticated ransomware attacks or even basic business email compromise (BEC) attacks — both of which can cause debilitating harm. In the new year, building cyber resiliency will be a critical priority business leaders won’t be able to ignore. This can take a variety of forms, from developing larger initiatives and partnerships with insurtechs — to understand threat patterns and improve cyber risk assessments for the long-term — all the way down to building cyber skills through regular employee training.
###
Comentarios