Security News

Geopolitical instability is exacerbating the risk of catastrophic cyberattacks, according to the Global Cybersecurity Outlook 2023 report from the World Economic Forum. Over 93% of cybersecurity experts and 86% of business leaders believe "a far-reaching, catastrophic cyber event is likely in the next two years" and there is a critical skills gap that is threatening societies and key infrastructure.

"Cybersecurity as a subset of risks is sometimes overlooked. This analysis confirms the need to prioritize cyber defense in order to protect portfolio company value. The private equity space is beginning to get on track. However, we must button up the entire process to protect those vulnerable entities, as well as ramping up a cyber defense against less easily exploitable but equally damaging threats." BlueVoyant analyzed 780 portfolio companies from private equity-backed firms, with the majority headquartered in the U.S., but including companies across Europe and around the globe.

Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found. The news is troubling, especially as email remains the most common vector for security compromises across all industries, observed Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a statement.

Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can't keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organizations are not well prepared for today's rapidly shifting threat landscape.

Pure IR retainers typically don't offer security leaders flexibility to maximize their investment, but by being permitted to use credits toward preparedness, testing, simulations and so forth, cyber risk can be mitigated. There are three key elements to achieving an effective cyber risk retainer: negotiation, structure and execution.

Oomnitza revealed a snapshot survey, conducted by Gatepoint Research, which found that siloed technology management is increasing operational blind spots and cyber risk. While 76% of enterprises employ multiple systems to oversee the underlying technology that supports their IT and business services, 71% of IT leaders anticipate increased security breaches and operational expenditures.

Kovrr and SANS Institute released their joint survey that reveals enterprise motivation and impact of cyber risk quantification in the modern cybersecurity landscape. Primary CRQ use cases include cyber budget allocation, board reporting and governance, cyber insurance and risk transfer options, M&A cyber due diligence and for capital reserve and management strategy.

Now, it is possible to look into the future and make contextual risk forecasts using cyber risk quantification. When data is collated and analyzed correctly, it can be used to provide a real-time risk score which is useful for improving the efficiency of security teams by helping them prioritize risk.

A systemic cyber risk is one where a single failure somewhere in cyberspace could result in catastrophic results that span a country or spread around the world and impacting societies, governments and entire cyber infrastructures. The US Cybersecurity and Infrastructure Security Agency last year kicked off the Systemic Cyber Risk Reduction Effort to focus on the issue, including developing metrics and tools to measure and address the risks to the nation's infrastructure.

Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey's history, Business interruption drops to a close second and Natural catastrophes ranks third, up from sixth in 2021.