2023 #CISOPredicts: Craig Rosen, Chief Security & Trust Officer, ASAPP
Members of Silicon Valley CISO Investments (SVCI) offer their take on the challenges and trends that will shape 2023.
As Chief Information Security Officers (CISOs) across industries including tech, insurance, and retail, we have the benefit of sharing (and comparing) our perspectives on a variety of hot-button issues. As members of Silicon Valley CISO Investments (SVCI), we also get a front seat to the most recent cybersecurity innovations by advising and investing in the next generation of startups—and using our decades of expertise to help them thrive.
From where we sit in the C-suite, here’s our take on the trends and challenges that will shape 2023:
Chief Security & Trust Officer, ASAPP
Look out for cyber insurance market imbalance ahead
Whether insurer or insured, there will be non-obvious ripple impacts associated with increased friction surrounding cyber insurance changes decided in 2022 and planned for rollout in 2023. Earlier in 2022, Lloyd’s of London issued a memo to their insurance syndicates indicating that they will not cover losses arising from any state-backed cyberattack or cyberattacks incurred via acts of war. In that memo, they raised a level of risk exposure to their business where “losses have the potential to greatly exceed what the insurance market is able to absorb” if not managed properly.
I think, looking back, we will see this as a landmark moment that shined a spotlight on the growing turmoil in the cyber insurance market. This could spawn further cyber exclusions and higher premiums by additional insurance providers and bring more stringent application vetting and claims collection by the organizations seeking coverage. The decision by Lloyd’s is a reminder that the industry remains subject to seismic shifts, but we really won’t feel the aftershocks until the changes go into effect in March 2023, as the chasm between variant coverage offerings and premiums begins to emerge.
There are some providers that may continue to insure on these types of risks, additional ones that won’t, and security chiefs with programs looking to offset it as geopolitical conflicts unfold with cyber threats on the front lines. As a security technologist, I see this as somewhat “healthy” friction because it opportunistically underscores the need to embrace automation and innovation around meticulously understanding, measuring, and managing risk exposure—especially when major chunks of it are no longer transferable as an insurance offset. As a result, this friction leads to more high-functioning security programs, which then improves insurability over time eventually moving the insurance market back into balance.
Keep following to read additional takes on 2023 by SVCI CISOs!