Days after the UK warned that a cyber attack on major infrastructure was the biggest terrorist threat the country currently faced, Martin Huddleston, Principal Author for the MoD’s Defence Science and Technology Laboratory (Dstl), warned companies were unprepared for the threat.
“In the past five years there have been significant changes to the cyber threat,” he explained. “The speed of events has changed, as has the scope of potential impacts. Also the intent of the actors has also changed. In the past data would be accessed and stolen and used to extort money from firms. Now these people will wantonly destroy the data after being paid.
“The penalties faced by firms and their executives have also significantly increased. In terms of D&O directors have to be seen to be recognising the threat and taking steps to protect the company from those threats”
Mr Huddleston added that on a five-point scale of maturity levels when it comes to security and data most companies are at a level of one to two.
“To be confident that you are prepared for and understand your risks you should be at a level of four or above on that scale so there is a one to two-point gap at least” and added it was not simply the systems that determined the ability to meet the cyber threat.
“It is the delivery of the security that decides how effective it is. If you don’t have the capability you are vulnerable.”
The MoD has created CDCAT® an assessment tool that in the space of an afternoon can provide a detailed report on the risks a company faces and its ability to combat those risks.
“This is not a compliance assessment,” said Mr Huddleston. “We are looking at real operational risk.”
The system was designed to enable the armed forces to be confident their systems would operate on the battlefield and CDCATinsurance™ has been developed by Kyngswoode Services Limited into a unique tool to support insurance brokers and underwriters for specific cyber risk and data breach insurances.
Kyngswoode MD Andrew McQuade told the meeting: “Cyber cover at present is included in many policies as an add on without a true understanding of the potential exposures that cover could create.
“We felt it would make far more sense to have fact based information to aid the underwriter and the broker when placing their client’s cyber insurance.
“The assessment takes a matter of hours and will provide not only a clear understanding of the threats faced by that company and their current ability to meet those threats but also bench mark their performance against their peers.”
“It provides underwriters with the ability not only to price the business more accurately but in the case of a claim, the claim department has the option of undertaking another CDCATinsurance™ assessment to ensure the information provided at the time of inception was accurate.”