The just-concluded Gartner Information Security and Risk Management Summit was the second one I attended, and many of the themes I heard at the 2012 conference were repeated this year. To be fair, the challenges may be the same, but some of the solutions being offered have matured. Still, I experienced a sort of déjà vu as I talked to industry experts, security practitioners and vendors.
Take, for instance, cyber-insurance. Two years ago, at a symposium on cyber-insurance at Seton Hall Law School in Newark, N.J., an insurer lamented a dearth of experienced cyber-insurance underwriters. The lack of history and underwriters, several experts said, makes it hard for insurers to know exactly how much they should charge for coverage. "Cyber-insurance remains a gamble to insurance companies," Paul Proctor, a Gartner vice president and distinguished analyst, said at the 2012 Gartner Security and Risk Management Summit (see 10 Concerns When Buying Cyber-Insurance).
Fast-forward two years to this year's summit, and one of Proctor's colleagues, Managing Vice President Juergen Weiss, strikes a similar tune (Lessons Learned from Cyber-Insurance). "Good underwriters, especially since this is a relatively young product, are still hard to find in the market," he says.
Two years ago, cybersecurity coverage from insurers varied widely, in part, because of the lack of underwriters. Weiss says the situation hasn't changed much, resulting in what looks like tailor-made coverage. "The [cyber] products are, let's say, custom designed to some degree to specific clients," he says.
Will we hear much of the same two years hence?
"There's not going to be an explosion in demand," Weiss says. Instead, organizations will recognize that cyber-insurance is a component of their overall risk management program. "We're not going to see in two years everyone is having a cyber-insurance policy, but we're hopefully going to see more awareness about best risk-management practices, and then cyber-insurance could be one element of those best practices," Weiss says.
Back to the Future?
What do others say we'll be talking about at future Gartner summits?
Ransomware, like cyber-insurance, isn't new, but how it evolves could have an impact on how end users and vendors approach the threat.
JD Sherry, vice president of technology and solutions for Trend Micro, sees threats such as ransomware expanding to the consumer sector. Imagine, Sherry says, a home system that ties together security systems, video surveillance and smart TV. Then a hacker locks up your television during the Super Bowl and demands payment to unlock it (BYOD: Bring Your Own Disaster?).
Sherry says this could make vendors rethink their approach to cybersecurity, securing networks that deliver these smart services rather than safeguarding individual devices. "There are so many operating systems ... that it is tough to secure them all in a fashion," he says.
ThreatMetrix Chief Technology Officer Andreas Baumhof sees further maturation of using security technology to achieve business goals (Big Data: Breaking Down Silos). "In two years' time, this convergence of different security technologies providing a business value is going to be much, much bigger," he says.
And Webroot's David Duncan foresees vendors becoming more willing to support the use of standards for security technologies so that a common framework for communicating threats and alerts among vendors' systems can be built (see Improving Cyberthreat Communications).
"We have to develop standards to allow all of the different security technologies to communicate with each other, share information with each other so we can protect customers better," says Duncan, Webroot chief marketing officer.
What changes in cybersecurity and risk management will you be addressing in two years?