The US Cyber Solarium Commission’s recently released white paper, Cybersecurity Lessons from the Pandemic draws parallels between the disruptions of the pandemic and the disruptions the US would experience during a significant cyber attack.
“The COVID‑19 pandemic illustrates the challenge of ensuring resilience and continuity in a connected world. Many of the effects of this new breed of crisis can be significantly ameliorated through advance preparations that yield resilience, coherence, and focus as it spreads rapidly through the entire system…”
The white paper gathers observations about how the country has responded to the pandemic and what it can teach the US about how well prepared the country is for a major cyber disruption.
The Commission is correct to draw parallels between the pandemic and a potential significant cyber attack. Cybersecurity is a systemic risk and the Solarium Commission’s efforts to education the government and broader public on the risks posed and steps needed to mitigate those risks is laudable. Unfortunately, in seeking lessons from the country’s response to the pandemic in order to understand how well prepared we are for a major cyber attack, the results are not encouraging.
Similarly, the pandemic’s disruption of markets and company business models has also illustrated how well prepared and underprepared companies were for a digital-first economy. The results are extremely encouraging for some (highly rated on cyber governance) and discouraging for others.
Importantly, the white paper outlines how prevention is far cheaper than effective detection and response for the country. The same is true for companies and operationally disruptive cyber attacks. Proactive investment in effective cyber governance, including adequate security posture and policies relative to the risks faced, is far cheaper than recovering from a ransomware attack that paralyzes a network for days. Unfortunately, a majority of breaches go undetected by companies, ransomware attacks are on the rise, and underperformance on cyber governance can be found across every sector today.
Just as a free press shines a light on the inadequacies of the US response to the pandemic, cyber governance ratings shed a light on the companies are prepared for the digital-first economy and a significant attack and those that are not.