2021 was the year of ransomware, with attacks increasing threefold from the year before. Supply chain attacks quadrupled. From the Colonial Pipeline to the Kaseya software attack, these incidents show where a Security Operations Centre as a Service can reduce the impact dramatically.
Explaining Cyber Risk
Cyber risk is dependent on three things: threat, vulnerability, and consequence. Understanding the relationship between these three factors is essential for any organisation seeking to manage its exposure to cyber incidents effectively.
Threat encompasses the range of adverse events that could affect an organisation. These include data breaches, where sensitive information is accessed or exfiltrated by unauthorised parties; business interruptions, where critical systems are rendered unavailable; and extortion, where attackers demand payment in exchange for not releasing stolen data or restoring access to encrypted systems. The threat landscape is constantly evolving, with new attack techniques and criminal business models emerging regularly.
Vulnerability is not limited to technical weaknesses in software or hardware. While unpatched systems and misconfigured services represent significant vulnerabilities, the supply chain has become an equally critical area of concern. It is predicted that 60% of cyber security incidents in 2022 will involve third parties — suppliers, partners, and service providers whose security weaknesses become your own. This interconnected risk means that an organisation's vulnerability extends far beyond its own network boundary.
Consequence is perhaps the most difficult element to predict. The financial, operational, reputational, and regulatory consequences of a cyber incident can vary enormously depending on the nature of the attack, the data involved, the speed of response, and the regulatory environment in which the organisation operates. What is clear, however, is that the consequences are growing more severe as businesses become more dependent on digital systems.
Understanding Cyber Insurance
As cyber incidents have increased in frequency and severity, the cyber insurance market has responded with significant changes. Premiums have been increasing by 40-50%, reflecting the growing volume and cost of claims that insurers are processing.
The case of Merck versus its insurer following the NotPetya attack illustrates the complexities of cyber insurance coverage. The insurer attempted to invoke an "Acts of War" exclusion to deny the claim, arguing that the NotPetya malware was a state-sponsored attack attributable to the Russian military. The court rejected this argument, but the case highlighted the ambiguity in many cyber insurance policies and the potential for disputes over coverage.
We should therefore expect insurance policies to be updated, with more exemptions and exclusion clauses, effectively reducing your coverage.
Organisations should be aware that network security holes and inadequate security practices can void insurance coverage entirely. Many cyber insurance policies now require policyholders to demonstrate specific security controls as a condition of coverage. Failure to maintain these controls can give insurers grounds to deny claims.
The ASD Essential 8 framework is an excellent resource for organisations seeking to establish a baseline of security controls that will satisfy both regulatory requirements and insurance obligations. Aligning your security posture with recognised frameworks demonstrates due diligence and can strengthen your position in the event of an insurance claim.
Using a SOC-as-a-Service
The starting point for improving your cyber security posture is a Security Posture Review. This comprehensive assessment includes vulnerability scanning, penetration testing, and incident response planning. It establishes a clear picture of your current security state and identifies the areas requiring immediate attention.
Continuous network monitoring is now available as a subscription service, making enterprise-grade security operations accessible to organisations that could not previously justify the cost of building an in-house security operations centre. This model provides 24/7 visibility into network activity, threat detection, and incident response capabilities without the overhead of recruiting, training, and retaining a dedicated security team.
The Aegis SOC-as-a-service, developed by Cyber Citadel, represents the gold standard for assessing and monitoring an organisation's security environment. By combining advanced threat detection technology with experienced security analysts, Aegis provides the continuous vigilance that modern threat landscapes demand.
In an environment where ransomware attacks are increasing threefold year on year and supply chain compromises are becoming the norm rather than the exception, a SOC-as-a-service is no longer a luxury — it is a necessity for any organisation that takes its cyber risk seriously.
This article by Jonathan Sharrock was originally published in Across Borders magazine — Edition One 2022, p.47.
