Quad leaders, insurers and the ransomware battle

Quad leaders, insurers and the ransomware battle

Quad leaders, insurers and the ransomware battle | Insurance Business Australia

Cyber

Quad leaders, insurers and the ransomware battle

“The insurance industry has a leadership role to play”

The Australian National University (ANU), together with tech firms and government, are using the upcoming meeting of Quad leaders to push Australia, the United States, India and Japan “to break the business model of ransomware criminal groups” and adopt the recommendations in a cyber policy paper.

“Cybersecurity absolutely is part of one of the working groups as defined by the Quad  membership,” said Jonathan Jackson (pictured above), director of engineering for BlackBerry APJ. The software and cyber security firm participated in the ANU’s research. Jackson said the last Quad meeting covered cybersecurity extensively and the next meeting is expected to do the same.

“Combatting Ransomware” has seven cyber policy recommendations for the Quad. The report’s authors and stakeholders say the insurance industry has an important leadership role to play.

“We believe that the insurance industry can play a leadership role in our ability to be able to prevent these attacks from happening,” said Sydney-based Jackson. “It’s not necessarily just about incident response but about being able to provide a holistic approach as to how companies can be more cyber resilient.”

Where’s Joe?

However, after US President Joe Biden cancelled his Australia visit, the Quad is expected to meet more informally on the sidelines of the G7 Summit in Japan. Jackson is still hopeful that the ANU paper will make an impression.

See also  AIA Singapore announces new elder care plan with support for multi-stage dementia

“We’re really hoping that cybersecurity initiatives will remain front of mind in terms of the quad initiative,” he said. “The goal really is to ensure that the insurance industry, stakeholders and government work more together towards a common goal and that common goal needs to disrupt and also to stop ransomware attacks.”

“Good cyber hygiene can incorporate employee training, upgrading software, being up to date with the latest threats, threat intelligence and leveraging tool sets that are available to be able to prevent and stop ransomware,” said Jackson.

He said the challenge for organisations is fitting these elements together and suggested that’s where insurance companies can help.

“Leveraging one specific tool is no longer sufficient to be able to deal with the cyber threats that we see today,” said Jackson. “We’re looking towards a more holistic capability to really look to strengthen Australia’s cyber resilience everywhere.”

Replicating the Modern Slavery Act – Who’s first?

One eye catching recommendation in the ANU paper would introduce annual Cyber Security Board Statements, “replicating the approach with the Modern Slavery Act” said the media release.

IB asked Jackson if this was something BlackBerry was already doing or prepared to do?

“That’s not really for BlackBerry to say but it is one of the recommendations that was put forward,” he said. “This one concerned creating a mechanism for boards to be able to define what cyber initiatives they have implemented as part of overall cyber hygiene and cyber resilience.”

Some cyber security experts say the cyber insurance market’s immaturity is still a major challenge. In an IB interview in September, Ismael Valenzuela, vice president of Threat Research and Intelligence at BlackBerry, said the industry “is really immature.”

See also  Enstar $350m ILS legacy deal included COVID-19 exposures, expands its run-off portfolio

Jackson didn’t necessarily disagree with his colleague but he was more diplomatic.

Upping the cyber game

IB asked Jackson if there were areas where the insurance industry could up its cyber game?

“Not necessarily up their game, no,” he said. “I think the insurance industry has taken a huge step forward in terms of helping organizations be more cyber resilient.”

However, he said the challenges are there and evolving very quickly. For example, he highlighted large language modelling and ChatGPT.

“Helping organizations really understand the implication of that as a benefit, as well as a potential threat, is something that I see a lot of organizations really grappling with today,” said Jackson.

Do you think the insurance industry does a good job promoting cyber resilience? Please tell us below

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!