Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It’s that time of the year again, 2024 planning. Security and third-party risk management leaders are scrambling to prioritize their initiatives for the coming year, advocate for more resources, and report on their progress over the past year. When only 16% of organizations report that they effectively manage third-party risk, the new year provides a blank slate to introduce new efficiencies to existing processes.

Just like other insurance markets, subjectivities have become a staple of cyber insurance. When a cyber insurance underwriter issues a quote to the broker and insured, there may be additional requirements that must be met before the policy and coverage are activated. The management and resolution of these subjectivities creates friction for all stakeholders involved. It takes longer for insureds to obtain coverage, for underwriters to collect premiums, and for brokers to earn their commission.

The modern application landscape is rapidly evolving, creating new tools, technologies, and processes that allow organizations to deploy production code faster. But risks to application security have also changed significantly, requiring the security discipline to evolve in order to adapt to new types of attacks.

McLaren Health Care is a network of 13 hospitals and three clinics serving the residents of north and central Michigan. They care for more than 732k lives by providing various services and network solutions, including a national cancer institute. Around August 2023, McLaren suffered a cyberattack—exposing the data of 2.2 million people.

Here we are, at the end of 2023. It’s high time for updating defence in depth strategies across all organisations, and let me tell you why. We’re all aware of the uptick in high profile cyber attacks and compromises, across all sectors. Ransomware specifically has caused more economic loss and pain for the business world than any other information security event previously, and attacks are speeding up at a steady rate with larger and larger targets and ransoms being asked.

Unless you have been hiding under a rock the last few weeks, you will know about the SEC taking action against the SolarWinds CISO in a landmark case that is going to change the way CISOs undertake their jobs in the future. The SEC’s action against the SolarWinds CISO is a wakeup call for all CISOs.