What we have here is a failure to communicate [blog]

By Chad Hemenway on February 23, 2015

LONDON–Organizations are spending more money on cybersecurity but have no idea what they are spending it on, or what it does. And after a breach, executives have no idea what to ask or if the answers they are getting are any good.

This, according to Brian Lord, managing director of cyber intelligence and security firm PGI Cyber, highlights the vast abyss between the issue of cybersecurity and the actual understanding of the issue.

And Lord, a 21-year veteran of the GCHQ before joining PGI in late 2013, admitted he’s part of the problem.

“I will say without a shadow of a doubt, the information security community has done the industry of any size absolutely no favors over the last five years–none whatsoever,” he said during his keynote address at Advisen’s Cyber Risk Insights Conference here. “And I say that as a member of that organization.”

“Why? Because they have hyped up a threat–that is not to say it is not a Tier 1 national security threat–but the way that it has been hyped up and continually placed in the ‘difficult to understand’ category–and continued to be managed in a technical language, which inhibits education and awareness.”

What an outstanding perspective. It was something I hadn’t thought of. But my, isn’t it a major obstacle in our grasp of the threat?

Lord prefaced the statements above by saying the decision-makers–buyers or heads of companies–find it extremely difficult to understand the issue of cybersecurity because they “have not grown up with this in their bloodstream.”

This fact is “one of the biggest inhibitors,” he said.

Again, how stunningly obvious and true. But possibly not appreciated. And isn’t saying “possibly” hedging?

Lord said the outcome is dangerous. The above scenario creates a situation in which so many are reliant on so few. And the few are not communicating in an understandable way. And therefore the buyers are spending but not making truly impactful or meaningful risk management decisions.

Therefore the ability to counter a threat recognized in 2010 by the UK government as a “Tier 1” threat has not nearly kept up. If anyone is counting, we’re in the hole five years and there has been very little progress in “normalizing” the threat, he said. We adopt new technology and immediately apply it, but we do not understand the threat at the same pace.

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalism experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].