- States and businesses are seeking to mitigate the risk of cyber attack through threat intelligence and increasingly through insurance.
- It is difficult to assess the threat because of the lack of data in this embryonic industry.
- The ongoing aim of governments and international organisations is to establish secure means to share intelligence, but there is currently insufficient trust and political will.
Governments and businesses alike are struggling to mitigate cyber threats through a combination of effective cyber-security policies using technical and cyber-threat intelligence methodologies. Moreover, they are increasingly looking to insurers to provide cover for their data and networked control systems.
Cyber security is highly lucrative. In 2016, the US government's cyber-security budget was USD14 billion. Despite that investment, there were a number of high-profile attacks on US government institutions. The hack of the Democratic National Committee email server between January 2015 and May 2016, details of which were published by WikiLeaks in July 2016, highlighted how the outcome of the US presidential election may have been influenced by cyber intrusions. Estonia, France, Russia, and the United Kingdom have all announced an increase in their cyber-security capabilities since late 2016, indicating the level of government concern.
Demand for ever greater connectivity will result in a continued boom in the Internet of Things (IoT) in 2017. However, greater reliance on networked technologies will also increase vulnerabilities. A 27 January report by IHS Technology, IoT Trend Watch 2017 , suggested that the number of interconnected devices globally would jump by 15% to 20 billion in 2017. Already the IoT is vulnerable to attack: in October 2016, a massive network of hacked IoT devices contributed to the shutdown of Twitter, with hackers using a virus called Mirai in a distributed denial-of-service (DDoS) attack.
'Assets', 'vulnerability', 'threats', and 'risk' are terms that are often used interchangeably.