cyber resilience framework
Threatonomics

Investigating Cybersecurity Policies and Motivations for Private Sectors

Explore how government strategies influence private-sector cybersecurity efforts.

by Tom Egglestone
Published

The conversation around protecting ourselves and our institutions from cyber threats is multifaceted, encompassing psychological, strategic, and technical perspectives. Experts from diverse backgrounds offer their insights, suggesting a shift towards foundational security measures informed by an understanding of human behavior.

60% of data breaches are caused by the failure to apply available patches” as highlighted in a report by Secure Halo. Cyber threats elicit different responses compared to physical threats. The anxiety they provoke highlights the need for cybersecurity approaches that resonate with how people actually perceive and react to these invisible dangers, moving beyond fear-inducing tactics.

Are you ready to upgrade to cutting-edge cybersecurity strategies? Tune into the “Building Cyber Resilience Podcast.” 

Shifting the Strategic Emphasis

Frequently, the narrative around cybersecurity is dominated by catastrophic scenarios. This focus can divert attention from essential, effective defense measures. Highlighting foundational security practices offers a more productive path forward, steering the conversation towards actionable resilience rather than abstract fears.

The current challenge lies in moving the focus from the spectacle of potential cyber catastrophes to the nuts and bolts of daily cyber defense. This entails a concerted effort from governments and the private sector to align strategies towards enhancing everyday Cyber Resilience, informed by robust research and policies. Effective cybersecurity measures stem from a deep understanding of human behavior shaped by thorough research. Collaboration between the government and the private sector is vital in developing a well-rounded cyber defense strategy that addresses the nuances of human and technological interaction.

Focusing on resilience against common cyber threats is fundamental. Incorporating routine security practices, such as software updates and cybersecurity training, forms the backbone of a solid defense mechanism, enabling an effective cyber incident response plan to be in place.

Role of Research in Advancing Cybersecurity Policies

The advancement of cybersecurity strategies significantly benefits from a nuanced blend of qualitative and quantitative research. This approach sheds light on the complex dynamics between technological vulnerabilities and human behavior, steering us toward policies that are proactive and reactive. Achieving a robust digital defense requires a collaborative endeavor, engaging government, businesses, and individuals. 

Focusing on research-informed, actionable measures rather than sensationalism is key to navigating a safer path through cyber threats. Active participation in the cybersecurity dialogue is crucial. By keeping abreast of the latest developments, advocating for robust policies, and cultivating a culture of resilience, private sectors can safeguard their shared digital realm.

Research and Cybersecurity Strategy Insights

An intriguing observation is the contrast between human reactions to physical and cyber threats. Unlike the measurable fear responses elicited by physical dangers such as snakes, cyber threats tend to induce anxiety—a nuanced reaction that underscores the need for understanding psychological reactions to develop more effective cybersecurity strategies and policies.

Another point of discussion is the counterproductive effect of using catastrophic language when describing cyber threats. This narrative can distract from essential, everyday defense measures, inadvertently weakening efforts to construct digital resilience. The analogy of cyber threats to a “termite infestation” that silently compromises foundational security, rather than a dramatic, singular event, underscores the necessity of focusing on building ordinary resilience and foundational security practices.

Uncover the latest insights in public cyber policy and incentives for the private sector in Episode #8 of the Cyber Resilience Podcast. Join industry experts Davis Hake and Jacqueline Schneider and as they discuss strategies for enhancing cyber resilience and the vital role of collaboration between government and private sectors. 

Schneider’s expertise offers invaluable insights into crafting effective cyber policies through a deep understanding of human interaction with technology. Her approach, integrating qualitative and quantitative data, provides a comprehensive perspective on reducing uncertainty and fostering informed decision-making in the face of cyber threats. The role of government in cybersecurity is transitioning from a purely defense-oriented approach to promoting public-private partnerships for a well-rounded cyber defense, emphasizing the importance of these collaborations. 

Such partnerships are critical for blending innovation from the commercial sector with governmental strategies, thereby reinforcing cyber resilience.

Crafting Effective Cyber Policy with Resilience

Understanding the intricate relationship between human psychology and cybersecurity, alongside applying evidence-based policy and strategy development, is crucial for building resilient cybersecurity frameworks. Exploring both individual and collective responses to cyber threats reinforces that effective cybersecurity transcends technology; it’s equally about understanding and influencing human behavior.

As we navigate the complexities of cybersecurity, it’s evident that embracing a comprehensive approach—one that leverages the latest research fosters public-private partnerships, and prioritizes everyday defenses—is essential. This strategy will be instrumental in ensuring a secure digital future for all, highlighting the importance of continuous learning, adaptation, and collaboration in our ongoing quest for cyber resilience.

To see how our solutions can transform your cyber resilience and align with the cutting-edge approaches discussed, we invite you to request a demo of Resilience. Experience firsthand how our innovative cybersecurity strategies and tools can empower your organization to thrive in the face of cyber challenges. 

About the Author
Tom Egglestone

Tom Egglestone ACII is Global Head of Claims at Resilience. Before joining us, Egglestone served as Claims Manager - Enterprise Risk at Tokio Marine Kiln, where he was recognized as a specialist in cyber and intellectual property products, having handled some of the London market’s largest claims in those areas. Previously a claims adjuster at CFC and Hiscox, Egglestone has over a decade of escalating experience and responsibility for complex specialty claims and claims operations in the London market.

You might also like

Contrasting and comparing FAIR with the Resilience solution

As market awareness of cyber risk quantification grows, we frequently receive questions from clients and curious risk managers about FAIR (Factor Analysis of Information Risk)—what it is, whether it truly provides accurate cyber risk quantification, the effort needed to set it up and maintain, and more. Clients often ask us to compare the FAIR methodology […]

How does Resilience establish the probabilities presented in my LEC?

Managing risk successfully at any level requires an understanding of a concept called “probability.” As both an insurance company (risk transfer) and a cyber risk management company, Resilience relies on understanding probabilities to price our services and to guide our clients to greater levels of cyber resilience. As we often receive questions from our clients […]

Moving beyond heat maps for better risk management

Heat maps are among the most widely used—and debated—tools for risk managers worldwide to communicate risks in their registries or project portfolios. Despite their popularity, we advise leaders seeking transparency in discussing risk and value to avoid relying on them. What are heat maps? Risk managers often use heat maps (or risk matrices) to represent […]

Breaking Lemonade: Understanding Value at Risk

I talk a lot about value-at-risk among my colleagues, with our customers, and the broader market. Value-at-risk may be the single most important measure to grasp, without which one cannot accurately measure risk transfer, excess risk, risk acceptance, and return on controls. Yet, these are all important concepts that leadership in modern organizations need to […]

Would you fall for a live deepfake?

The Office of Senate Security revealed last week that the head of the Senate Foreign Relations Committee was targeted in a deep fake video call. An unknown person, claiming to be the former Ukrainian Minister of Foreign Affairs, Dmytro Kuleba, lured the Senator onto a Zoom call. The attack was thwarted when the Senator and […]

Artificial Intelligence for Cyber Resilience

AI tools are shifting the calculus for cyber defense by enhancing key areas such as vulnerability mapping, breach detection, incident response, and penetration testing. This integration could help an organization bolster its cyber resilience against an ever-evolving threat landscape. AI tools could automate the discovery and monitoring of vulnerabilities, providing real-time updates of an organization’s […]