As cyber threats continue to grow, guests on the latest episode of The Insuring Cyber Podcast say that collaborations between the public and private sector are becoming even more vital.
“Probably the most urgent driver of cooperation is the continuously evolving threat landscape,” said Dr. Sezaneh Seymour, vice president and head of regulatory risk and policy at InsurTech Coalition.
She said for cyber insurers, one important part of this collaborative effort is intelligence sharing.
“If you think of the threat landscape as a puzzle, government agencies and private businesses will typically have different pieces of that puzzle,” she said. “And the full threat picture only comes together when those pieces of the puzzle are brought together.”
Seymour has a career in the public sector and, prior to joining Coalition, served in the public sector as senior advisor to the deputy assistant to the President and deputy national security advisor for cyber and emerging technology on the National Security Council at the White House.
It was during her time at the White House that she witnessed the genesis of the latest cybersecurity initiative, which was born out of collaboration between the federal government and private sector: The U.S. Cyber Trust Mark.
The Biden-Harris Administration in July announced this cybersecurity certification and labeling program to help U.S. consumers more easily choose smart devices that are safer and less vulnerable to cyber attacks. Under the program, consumers would see a newly created shield logo on products that meet established cybersecurity criteria from the National Institute of Standards and Technology.
The Federal Communications Commission is expected to seek public comment as the proposed voluntary cybersecurity labeling program is rolled out. The program is set to be up and running by 2024. Seymour said the program originated with an executive order that was signed while she was still working in the White House.
“In some ways, it’s personally surreal to see this cyber trust mark begin to take shape,” she said. “I say that because its genesis is from an executive order that was signed while I was still in the White House, and I know a lot of incredibly talented people spent countless hours to make that a reality.”
She said she sees the trust mark benefitting insurers by incentivizing product manufacturers to prioritize security in product design.
“That’s a big problem today, right? Lots of products are built smart by default, but not secure by default,” she said. “Second, I could see insurers like Coalition point to trust mark as a transparent source of information about the security and data privacy practices of a manufacturer or product.”
Since insurers are also consumers, she sees an added benefit as insurers make their own procurement decisions for their businesses. Beyond this, more opportunities for insurance industry collaboration may be on the horizon as the foundational details of the program are still being ironed out, she said.
“There is a process set up so the public can contribute to shaping those details, including cyber insurers,” she said.
She said the government is asking for input on things like which devices should be eligible for inclusion in the program, how security standards for different types of devices should be developed, how manufacturers should demonstrate compliance with those security standards, and how the government can educate consumers about using the label and prevent its misuse.
“So cyber insurers, especially InsurTechs like Coalition that combine security services with traditional financial risk mitigation, will have some unique perspectives and I think useful insight to share in that process,” she said.
Mike Bergman is the vice president for technology and standards at the consumer technology association – an organization that, over the past five years, provided recommendations for the development of the U.S. Cyber Trust Mark program.
He said the goal of the program is to give consumers transparency.
“This is protection for you, the consumer, and this gives you the ability to go to the store and make a choice,” he said. “You can look actively for products that have that mark and make a decision to purchase the ones that are complying with these requirements, that are upping their game in security, that are trying to protect you a little bit more and providing more transparency.”
Bergman joined CTA in 2013 as senior director of technology and standards, and in addition to managing CTA’s web application video ecosystem project, he also directs industry efforts to improve internet of things cybersecurity. He said the time for this program is as soon as it can be rolled out, as the ever-evolving threat landscape isn’t expected to slow down anytime soon.
“What we’re seeing is consumer sentiment has turned over the past five years. More and more consumers are interested in cybersecurity. More and more, they’re willing to try to find a way to purchase something that will protect them better,” he said. “So what we end up with is consumer sentiment is moving towards being ready to use a tool like this. The private sector and the government across the board has been working on it for five years, and we’re almost ready to launch at this point.”
Beyond the insurance industry, Bergman said other cybersecurity industry alliances are working to assemble security programs that could be authorized to issue the marks.
“We’ve got things like the Connectivity Standards Alliance and the ioXt Alliance,” he said. “They may not be well-known to everyone, but these are industry alliances that have security programs that manufacturers can qualify under, and these programs have been built and aligned to these government requirements that have been developed with the work between organizations like ours and NIST (The National Institute of Standards and Technology).”
Seymour said that cooperative partnerships in the cybersecurity space have grown increasingly common because of the mutual benefit to government and business as the threat landscape evolves.
“I think the existing mechanisms are there, and as a community, we just need to make a habit of them,” she said. “An organization’s security posture, we know, can change from day to day, even hour to hour. And criminals are constantly looking for new vulnerabilities and finding new tactics and techniques to breach systems, and criminals move fast.”
Bergman agreed that he believes the U.S. Cyber Trust Mark program is another step in the direction of a sea change for insurers and consumers alike regarding cybersecurity.
“It’ll give the insurance industry an extra tool to sort through opportunities, it will give vendors an opportunity to differentiate themselves, and it’ll give consumers an opportunity to protect themselves,” he said. “So all of this has just grown together. Everybody’s been recognizing a common problem. Everyone has worked together to solve this problem. The consumers are ready. So now it really is the time for this.”
Check out the rest of the episode to hear what else Sezaneh and Mike had to say, and be sure to check back for new episodes of The Insuring Cyber Podcast publishing every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening.
Was this article valuable?
Here are more articles you may enjoy.