Three Unintended Consequences of Well-Intentioned Cyber Regulations

Steve Durbin
Published 10 - June - 2022
Read the full article on PropertyCasualty360
Insurers will have to balance innovation, risk reduction and regulation.

Cyberthreats have surged exponentially, significantly outpacing the ability of organisations to prevent or respond to them effectively. That’s why policymakers worldwide are stepping up efforts to create cyber regulations that can help mitigate these threats, boost society’s resilience against them, and assert control over how some technological innovations are used.

As these legislative changes take hold, it will become apparent that they are not just removing dangers but are forcing evolutions that risk redirecting the threats and burdening organisations with a raft of hard-to-meet demands that may continue to leave them open to attack and disruption. The Information Security Forum (ISF) predicts that by 2024, global organisations will face some unintended consequences of cyber regulations, no matter how well-intentioned they might be:

  1. Ransomware evolves into triple extortion
  2. Regulators inhibit data-driven innovation
  3. Attackers undermine central cryptocurrencies

How organisations can protect themselves
  • Organisations that do not regularly evaluate their ability to detect and respond to extortion attacks like ransomware should consider a strategic approach to managing such an enduring threat to their business. A re-evaluation of which business-critical data assets exist in the organisation and where they reside will further support this objective. The board of directors should have an in-depth understanding of this ongoing threat so it is not caught by surprise if and when an attack happens. Now is also a good time to assess the maturity of your defences relative to the threat, and to risk-assess any gaps.
  • Organisations should discover which AI algorithms are in use and how they were developed, and look for ways to assure the integrity of their data sources. They must consistently review the regulatory landscape to determine which laws and regulations apply, and review their internal governance structures and policies to understand whether these adequately cover those frameworks. They should develop a plan to improve the governance of algorithms by creating a process to measure outcomes and expose potential bias on an ongoing basis.
  • Since crypto is still quite new and complex, companies need to identify, or perhaps recruit, subject matter experts in cryptocurrencies and assess the organisation’s readiness for their secure adoption. Organisations must audit their financial systems to expose weaknesses and gauge operational readiness for cryptocurrency commerce. Finally, they need to make sure security operations are familiar with the proposed changes.

Striking the right balance between innovation, risk reduction and regulation is not an easy feat. Companies that successfully walk this tightrope will not only gain a clear competitive advantage but also put themselves on the path to becoming market-leading enterprises.
