WHAT THIS MEANS FOR THE FUTURE OF CYBER INSURANCE
Nations and people often find themselves preparing for the last challenge rather than the next one. This is a pattern embedded in human behavior, as hindsight offers a sense of certainty. We look back at previous crises and construct plans, policies, and strategies that might have been successful if deployed earlier. In hindsight, there’s a sense of comfort. It’s like standing atop a hill with a perfect view of the past. Yet, this inclination to fight the last battle blinds us to the realities of the present and, more importantly, the future.
There’s a certain allure to preparing for yesterday’s war. After all, it feels purposeful. When a nation builds more robust defenses against the attack that has already happened, it looks like work and feels like progress. But the next challenge is rarely a repeat of the last one. Whether it’s a global conflict between nations or a cyberattack that disables critical systems, the threats of tomorrow demand foresight, creativity, and a willingness to listen to those who see what others don’t.
Recent reports indicate we may be missing the mark. This week, we reported on an Arctic Wolf study that found that 80% of IT and security professionals expressed high confidence in their organization’s ability to resist phishing attacks, yet 64% admitted to having fallen for phishing scams themselves. Meanwhile, a QBE and Zywave report revealed that only 38% of companies frequently discuss cyber insurance policies at the C-suite level, and fewer than 20% of boards are extremely familiar with their company’s cyber insurance policies. These gaps in cyber insurance and security awareness and preparedness are dangerously out of sync with the reality of the modern cyber landscape, leaving us vulnerable to the next big attack.
Warnings From The Past
Consider the case of Billy Mitchell, an American military officer in the 1920s who was ridiculed for his outspoken belief in the importance of air power in future wars. Mitchell repeatedly warned that the next major conflict would be decided by aerial forces, not traditional ground or naval power. After touring the Pacific in 1924, he made a chillingly precise prediction. In a report written over a decade before World War II, he stated that the next war would begin with a surprise attack by Japanese forces on Pearl Harbor, Hawaii, followed by an assault on the Philippines. His details were striking, even specifying the time: Pearl Harbor would be bombed at 7:30 a.m. and Clark Field in the Philippines shortly after.
On December 7, 1941, the Japanese attacked Pearl Harbor at 7:55 a.m.; they were behind their schedule to attack at 7:30 a.m. Just hours later, they struck Clark Field in the Philippines. Mitchell’s warnings, dismissed at the time, were eerily accurate. The lesson is that foresight can be the difference between preparedness and disaster, even when it challenges our existing frameworks.
Much like Billy Mitchell’s warnings, there are voices today cautioning about the next threats. It won’t begin with boots on the ground or bombers in the sky but with a massive cyberattack. In today’s world, cyber threats loom large over every aspect of society. Our critical infrastructure—everything from healthcare systems to power grids—remains deeply vulnerable to attacks that could come from anywhere at any time.
Warnings From The Present
Just this week, the Justice Department indicted two Sudanese brothers linked to a cyberattack on Israel’s warning system on October 7th, 2023, as Hamas launched its surprise assault. According to court filings, the attack disrupted the delivery of life-saving alerts to civilians. This incident should sound alarm bells. It’s a glimpse into how future conflicts might begin: with cyberattacks that cripple communications, sabotage infrastructure, and leave entire nations vulnerable before a shot is fired.
The warning signs are all around us. Hackers have proven time and time again that our systems, particularly in healthcare and utilities, are not as secure as we’d like to believe. We have witnessed attacks that disrupt hospitals, lock critical data, and cause widespread chaos. In many ways, the battlefield has shifted. Yet, are we truly prepared to meet this new challenge? Or are we, like in Mitchell’s time, too busy preparing for a conflict that belongs to the past?
We must stop preparing to fight yesterday’s wars. Instead, we need to focus on strengthening our defenses against cyberattacks that could wreak havoc in ways we are only beginning to understand. The interconnected nature of global commerce and economies, with data and systems interwoven across borders, provides adversaries we might have consigned to the past—state or non-state actors—with new ways to dominate. An attack on one critical system can ripple through global supply chains, shutting down businesses, disrupting financial markets, and even igniting widespread panic. The cyber insurance and security industry, too, must evolve to cover these new risks, ensuring businesses are aware of their vulnerabilities and adequately insured against them.
Preparing For Tomorrow
The future is knocking, and we must answer before it’s too late. Preparing for tomorrow’s cyber conflicts rather than yesterday’s battles is crucial—it’s an existential imperative. The interconnectedness of nations, companies, and individuals means we are all vulnerable to the next attack. Cyber threats don’t just target governments; they threaten businesses, healthcare systems, and the infrastructure supporting our daily lives. Let’s not make the mistake of ignoring the warning signs this time.
Epilogue:
Billy Mitchell died in 1936. In 1946, after World War Two ended, Congress posthumously awarded him a special Congressional Gold Medal. It is inscribed with the words, “FOR OUTSTANDING PIONEER SERVICE AND FORESIGHT IN FIELD OF AMERICAN MILITARY AVIATION.” This medal is the only one of its kind.
Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News. If you want to contribute an opinion piece to the site, email him here: [email protected].
Other News: The government is getting fed up with ransomware payments fueling endless cycle of cyberattacks.