New U.S. Cyber Strategy Heralds Major Shift for Addressing Attacks
Published on March 28, 2023
By Max Dorfman, Research Writer
A maturing Internet of Things (IoT) calls for measures to increase cybersecurity at the national, international, and private sector levels, according to a recent report by the White House.
The new National Cybersecurity Strategy comes as cyberattacks continue to wreak havoc across the world, causing billions of dollars in damages. Furthermore, autocratic states such as China, Russia, and North Korea have ramped up aggressive cyber abilities to disrupt other nations’ interests and “broadly accepted international norms.”
Key Takeaways
The White House report aims to “build and enhance collaboration” for cybersecurity around five main tenets:
Defending critical infrastructure, involving mandatory requirements for cybersecurity, as the marketplace insufficiently rewards and even hinders who invest in measures to protect against cyberattacks. Disrupting and dismantling threat actors, including diplomatic, military, and law enforcement measures to negate these attacks. Shaping market forces to drive security and resilience through driving adoption of best practices in cybersecurity and resilience, utilizing the market to enhance capabilities. Investing in a resilient future by engaging strategic public interests involving innovation, R&D, and education to ensure U.S. leadership in these areas. Forging international partnerships to pursue shared goals through working with international institutions to identify and progress state behavior in cyberspace, including building peacetime norms and confidence-building measures through the U.N.Reimaging collaboration as partnerships and investment
According to the report, adhering to these principles require two fundamental changes in how the U.S. “allocates roles, responsibilities, and resources in cyberspace.”
The first shift involves rebalancing the responsibility to defend cyberspace. The report states that end users are often tasked with far too much responsibility for lowering cyber risks. With small businesses, state and local governments possessing limited resources, a single individual’s failure to judge these risks can have national security consequences—which must be rectified.
With this in mind, the report states that the government must protect its systems, while safeguarding private entities, particularly critical infrastructure. Further, “core government functions” like diplomacy, intelligence, imposing economics costs, law enforcement, and interrupting cyber threats are all essential to counteracting the threat of cyberattacks.
The second shift involves realigning incentives to favor long-term investments. This entails defending current systems, while simultaneously advancing a digital ecosystem that is more defensible and resilient. This includes rewarding security and resilience with market forces and public programs, embracing designed security and resilience, and investing in research and development for cybersecurity in a strategic manner.
While the implementation of these strategies is complex, the National Security Council (NSC), alongside the Office of Management and Budget (OMB), will lead efforts to implement a cohesive strategy, reviewing existing policy and assessing the need for new policy. The Federal Government will also use a data-driven approach to evaluate its efficacy, a much-needed move as cyberattacks continue to threaten the safety and economy of nations around the world.
Rising cybercrimes create risks for insurers and consumers
In 2022, 1,802 data compromises affected approximately 422 million people, according to a report by the Identity Theft Resource Center. Although data compromises remained even from 2021, the number of overall breaches has continued to rise. Additionally, losses continue to rise from cybercrime complaints, resulting in 10.3 billion in damages in 2022, according to the Internet Crime Complaint Center.
As these issues present major problems for consumers, the global cyber insurance market continues to grow, with an estimated reach of over 91.22 billion by 2031. This represents a compound annual growth rate of 23.78 percent from 2023 to 2031.
This market poses challenges and opportunities for insurers, as more cyber security professionals are needed to examine and prevent these threats. These risks can be addressed through training in cyber intelligence – but it will take significant investment to achieve this market’s expansion.
Read more:
Cyber liability risks | III