Cyber Markets Roundup (Wk. 12, March '23): What lies ahead of cybersecurity amidst rising threats and stricter policies

WHAT’S NEW

Federal Bureau of Investigation Releases 2022 Internet Crime Report

The Federal Bureau of Investigation’s Internet Crime Complaint Center has released its Internet Crime Report for 2022, providing an overview of threats, the bureau’s efforts to combat cybercrime, and statistics on the state of cybercrime in the United States. The report notes that the center received 800,944 complaints, down 5 percent from last year, but overall damages rose from $6.9 billion to $10.2 billion. [Law Fare ]

What is the National Cybersecurity Strategy? A cybersecurity expert explains what it is and what the Biden administration has changed

Focus on cybersecurity insurance

As expected, the 2023 Biden National Cybersecurity Strategy reiterates previous recommendations about how to improve American cybersecurity. It calls for improved sharing of information between the government and private sector about cybersecurity threats, vulnerabilities and risks.

Backstopping cyber insurance

The Biden administration wants to ensure that insurance companies are adequately funded to respond to claims following a significant or catastrophic cybersecurity incident. Since 2020, the market for cybersecurity-related insurance has grown nearly 75%, and organizations of all sizes consider such policies necessary.

By protecting, or “backstopping,” cybersecurity insurers, the administration hopes to prevent a major systemic financial crisis for insurers and victims during a cybersecurity incident. [The Conversation ]

#HowTo : Improve Your Company’s Cybersecurity Training

Despite many companies investing more money than ever in advanced cybersecurity tools and technology, experts believe cyber-attack costs for US businesses will rise dramatically in 2023.

Here are three tips to consider to help improve your company’s cybersecurity training program:

1. Simulate Attacks to Improve Behaviors

These simulations of real-world, relevant scenarios can help increase employee vigilance and better prepare staff for threats they may face in a no-stakes environment. An environment of positive reinforcement means employees are more likely to report suspected phishing/smishing attempts ? even when it turns out their suspicions were unwarranted. This may mean more reports to check, but more aware – and wary employees.

2. Reduce Fear Fatigue with Small Steps and Add Context Around Threats

To combat fear fatigue and remind employees that their actions are critical to the overall security of the company, organizations can begin by taking small steps. Companies should consider starting by implementing company-wide password protocols. Mandating employees change their passwords every several months and implementing two-factor authentication are simple but powerful reminders for employees to be active participants in their company’s overall cybersecurity posture.

3. Implement a Zero-Trust, Least-Privilege Environment and Become Secure by Design

At its core, the zero trust cybersecurity security model closely guards company resources while operating under the ‘assume breach’ mentality. This means every request to access company information or services is verified to help prevent any unauthorized network access. [Infosecurity Magazine ]

New Cisco Study Finds Only 9% of Canadian Companies Surveyed are Ready to Defend Against Cybersecurity Threats

A mere 9% of organizations in Canada have the ‘Mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks, according to Cisco’s NASDAQ: CSCO first-ever Cybersecurity Readiness Index released today. The index has been developed against the backdrop of a post-COVID, hybrid world, where users and data must be secured wherever work gets done. The report highlights where businesses are doing well and where cybersecurity readiness gaps will widen if global business and security leaders don’t take action.

Findings

• Alongside the stark finding that only 9% of Canadian organizations are at the Mature stage, 57% of organizations fall into the Beginner (9%) or Formative (48%) stages – meaning that their cybersecurity readiness is below average. Only 15% of companies globally are at a Mature stage.
• This readiness gap is telling, not least because 77% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 51% of respondents said they had a cybersecurity incident in the last 12 months and 34% of those affected said it cost them at least US $500,000. [Globe Newswire ]

If you enjoyed this edition of the Cyber Markets Roundup, we are inviting you to connect with us on?Susbtack ?for free and let us build a community of like-minded individuals who are interested in cybersecurity, stocks, and financial markets.