The Australian National University (ANU), together with tech firms and government, used the meeting of Quad leaders at the G7 Summit to push Australia, the United States, India and Japan “to break the business model of ransomware criminal groups” and adopt the recommendations in a cyber policy paper.
“Cybersecurity absolutely is part of one of the working groups as defined by the Quad membership,” said Jonathan Jackson (pictured above), director of engineering for BlackBerry APJ. The software and cyber security firm participated in the ANU’s research. Jackson said the last Quad meeting covered cybersecurity extensively and the next meeting is expected to do the same.
“Combatting Ransomware” has seven cyber policy recommendations for the Quad. The report’s authors and stakeholders say the insurance industry has an important leadership role to play.
“We believe that the insurance industry can play a leadership role in our ability to be able to prevent these attacks from happening,” said Sydney-based Jackson. “It’s not necessarily just about incident response but about being able to provide a holistic approach as to how companies can be more cyber resilient.”
However, after US President Joe Biden cancelled his Australia visit, the Quad met on the sidelines of the G7 Summit in Japan over the weekend. Jackson is still hopeful that the ANU paper made an impression.
“We’re really hoping that cybersecurity initiatives will remain front of mind in terms of the quad initiative,” he said. “The goal really is to ensure that the insurance industry, stakeholders and government work more together towards a common goal and that common goal needs to disrupt and also to stop ransomware attacks.”
Jackson said one focus of the cyber policy recommendations is incentivising the insurance industry to build on better resilience for organisations.
“Good cyber hygiene can incorporate employee training, upgrading software, being up to date with the latest threats, threat intelligence and leveraging tool sets that are available to be able to prevent and stop ransomware,” said Jackson.
He said the challenge for organisations is fitting these elements together and suggested that’s where insurance companies can help.
“Leveraging one specific tool is no longer sufficient to be able to deal with the cyber threats that we see today,” said Jackson. “We’re looking towards a more holistic capability to really look to strengthen Australia’s cyber resilience everywhere.”
One eye catching recommendation in the ANU paper would introduce annual Cyber Security Board Statements, “replicating the approach with the Modern Slavery Act” said the media release.
IB asked Jackson if this was something BlackBerry was already doing or prepared to do?
“That’s not really for BlackBerry to say but it is one of the recommendations that was put forward,” he said. “This one concerned creating a mechanism for boards to be able to define what cyber initiatives they have implemented as part of overall cyber hygiene and cyber resilience.”
Some cyber security experts say the cyber insurance market’s immaturity is still a major challenge. In an IB interview in September, Ismael Valenzuela, vice president of Threat Research and Intelligence at BlackBerry, said the industry “is really immature.”
Jackson didn’t necessarily disagree with his colleague but he was more diplomatic.
“Current statistics from ACSC [Australian Cyber Security Centre] show that there’s a cyber incident once every seven minutes in Australia,” he said. “At BlackBerry, we are seeing and stopping an attack every single minute across our customer base.”
IB asked Jackson if there were areas where the insurance industry could up its cyber game?
“Not necessarily up their game, no,” he said. “I think the insurance industry has taken a huge step forward in terms of helping organizations be more cyber resilient.”
However, he said the challenges are there and evolving very quickly. For example, he highlighted large language modelling and ChatGPT.
“Helping organizations really understand the implication of that as a benefit, as well as a potential threat, is something that I see a lot of organizations really grappling with today,” said Jackson.
The Quad is a diplomatic partnership between Australia, India, Japan and the US. According to the federal government, the group is committed to “promoting stability, resilience and prosperity in the Indo-Pacific.”
Do you think the insurance industry does a good job promoting cyber resilience? Please tell us below
