Category: IT Security

Future of Cybersecurity and Cyber Insurance | Blog

In our previous publication, Cyber Insurance Market Dynamics, we discussed cyber insurance market dynamics and the measures both insurers and enterprises are taking to improve capabilities, reduce risk, and curb overall claims losses. In this final article in the three-part series, we will explore what the future holds for cyber insurance for enterprises and insurers.

The COVID-19 pandemic has exacerbated the cybersecurity challenges for both enterprises and insurers. While it has exposed the limited cyber readiness within enterprises, it has also increased margin pressure on cyber insurers that are facing rising loss ratios. To address these challenges, manage cyber risk, and offset increases in premiums, enterprises are investing in new technologies like endpoint protection, network security, and application security, among others.

While these measures have worked for firms in the past, the evolving cyber threat landscape has unveiled the need for more robust plans. Insurers, on the other hand, are partnering with cyber risk analytics firms to actively work to improve underwriting prowess. They are also realizing the need of a sustainable policy that won’t pose an imminent threat to the industry profitability in the future.

Work from home security

The pandemic has made enterprises aware that it is possible to successfully run the business in a remote working environment. These businesses have implemented strong IT frameworks to enable employees to work remotely with few challenges or impacts on productivity. Enterprises have invested in network security and Identity and Access management tools that enable employees to work securely on any given network. With increasing cloud adoption, cloud-based security services will become a hot topic for enterprises to curb growing cyber-attacks.

Maintaining strict access control is likely to be the guiding principle for cyber policies in enterprises. Organizations will implement stringent hardware authentication measures to prohibit unauthorized access to systems. Automated and adaptive network scanning is also expected to be a key theme in the cybersecurity landscape. Enterprises will monitor and scan the connected networks to report any anomalies in real-time, thus enabling teams to proactively fix them. Learning and adapting to the new risk landscape will be an important aspect of enterprise cybersecurity teams. Using Artificial Intelligence/Machine Learning (AI/ML), enterprises will be able to identify patterns and help prevent repeated attacks by developing exhaustive threat intelligence. The use of AI is not only limited to scanning and pattern identification, but it is also expected to prove beneficial to combat social engineering, malware, and ransomware attacks.

We have mentioned in parts one and two of our previous publications (“Cyber Insurance Market Dynamics” and “Cybersecurity Risk Management in a Post-Pandemic Era”) that cyber threats evolve along with evolving technologies. The same is true in the case of quantum computing. While it is expected to bring its own set of advantages in the fields of analytics, cryptography, aviation, medical research, etc., it is also expected to impair our existing encryption methods.

Continued cyber insurance growth forecast

The global cyber insurance market has experienced strong growth in the past, and this trend is likely to continue in the near future. The continuous shift to advanced technologies like AI/ML, cloud and APIs, has compelled enterprises to include cyber insurance in cybersecurity plans. While it is not a panacea solution to the enterprise cyber risk problem, the insurance coverage does provide the necessary systemic risk sharing from potential attacks. Going forward, cyber insurance will transform from a “nice to have” product to a “must have” product for enterprises. Firms will actively look for coverages that include cybersecurity, cyber liability, and technology errors and omissions, among others. The bundling of value-added services in addition to cyber coverage has increased the attractiveness of cyber insurance for enterprises.  In addition to the necessary risk insurance, enterprises now have access to risk prevention and mitigation products and services from insurers.

In the remote/work-from-home world, the lines between commercial and personal cyber risk have become blurred. The need to have employees work from home is not likely to change in the short to mid-term, so insurers will offer enterprises personal cyber risk covers to shield consumers from any cyber-related risks. Recently, Chubb insurance introduced BLINK, an affordable insurance product with an embedded cyber protection cover that addresses the gap between those customers who are concerned about personal cybersecurity (80%-plus) and those who have cyber protection (16%).

As the market expands, insurer limits to risk-taking capacity may dampen the overall growth. While insurers are preparing for the impending cyber capital crisis that may emerge in the event of large-scale cyber-attacks, they are also thinking of innovative ways to address this challenge. Insurers are looking at capping lines of coverage and increasing rates while also diversifying current cyber risk portfolios of large enterprises. Increasingly, insurers will seek to offer coverages to medium-sized businesses as those organizations are becoming increasingly reliant on technology and are aggressively facing cyber-attacks. According to Verizon’s Data Breach Investigation Report, small and medium-sized businesses are at a high risk of data breaches and cyber-attacks. With a considerable proportion of medium-sized businesses seeking to purchase cyber insurance, insurers and brokers will look to tap into this target market.

In-house expertise for insurers to grow

Historically, insurers have largely relied on third-party cyber risk analytics firms for underwriting cyber risk. However, that is expected to change. Insurers are building in-house capabilities and hiring IT experts to strengthen cyber underwriting practices. Going forward, we also expect insurers to build a cyber insurance ecosystem to successfully underwrite cyber risk and consequently generate long-term profitable growth. With this, insurers can bring significant value to the enterprises while also enhancing underwriting capabilities by leveraging real-time threat intelligence. This will provide insurers with new data sources and insights to drive better risk evaluation and, in turn, build a more resilient cybersecurity landscape. Industry regulators will also play a key role in risk underwriting with the introduction of regional cyber insurance risk frameworks as best practices for managing cyber risk.

In the future, the evolving cybersecurity and cyber insurance landscape will demand proactive measures from both enterprises and insurers alike. As enterprises adopt new and emerging technologies, they will need to strengthen their cybersecurity position with new-age solutions like cloud application security and AI/ML-based automated security. Insurers will leverage new data sets for cyber risk underwriting and create a cyber insurance ecosystem that will provide them with the capability to act as coverage providers and also position them as strong risk advisors.

For more insights on cybersecurity, please see the first blog in this series, Cybersecurity Risk Management in a Post-Pandemic Era, or the second blog in the series Cyber Insurance Market Dynamics.

If you’d like to share your observations or questions on the evolving cybersecurity and cyber insurance landscape, please reach out to Barbara Beller ([email protected]), Supratim Nandi ([email protected]), or Mehul Khera ([email protected]).

Cyber Insurance Market Dynamics | Blog

In our previous publication, Cybersecurity Risk Management in a Post-Pandemic Era, we discussed the implications of increasing cyber-attacks on insurers and enterprises in a post-pandemic world. While insurers are actively taking measures to improve cyber risk underwriting to contain overall claims losses, enterprises are strengthening their cybersecurity capabilities by investing in the right set of technologies and talent levers.

The increasing severity of cyber-attacks, accelerated adoption of digital technologies, rise in digital touchpoints, consumerization of IT, and convergence of Information Technology and Operational Technology environments have made the traditional security services models obsolete, according to Everest Group PEAK Matrix reports.

Enterprises are seeking security strategies based on their specific business context, business maturity, geography, and other parameters. One way they are doing so is by partnering with third-party providers to align enterprise security initiatives with broader goals. They are also conducting risk assessments of critical functions and laying out cybersecurity improvement and investment plans for their organizations.

Increasing enterprise investments in cybersecurity

Enterprises are actively investing in endpoint protection, network security, cloud application security, secure web gateways, internet security, Identity and Access management tools, and other avenues to adequately shield businesses from cyberattacks. The endpoint threat detection and response market alone has been growing by more than 20% each year, primarily driven by the increasing number of devices attached to networks owing to the current remote working landscape. Additionally, the rise in the demand for mobile security solutions has further propelled the growth of endpoint threat detection systems. Cloud application security is another area that has recently observed traction from enterprises, as many move to cloud solutions to ensure business continuity in remote/work-from-home environments. In 2020, the cloud security market was estimated to have reached US$35 billion owing to this rising adoption of cloud computing services.

The response from insurers

Insurers are investing in two key areas:

  • Strengthening underwriting capabilities to accurately assess cyber risk and, in turn, to control claims losses
  • Partnering with cybersecurity providers to offer value-added services to customers while also effectively managing risk

Insurers are heavily investing in Artificial Intelligence/Machine Learning (AI/ML) and scanning tools to automate their cyber risk underwriting, resulting in dynamic policy rate scenarios. Many insurers have invested in cyber scanning tools that can be tweaked based on potential cyber vulnerabilities of the client. This has resulted in a market where there is limited consistency in pricing. Additionally, insurers are moving towards API integration to facilitate updates in pricing, coverage limits, and policy terms, instantly based on the insurer’s underwriting and claims experience. This has resulted in sub-limits imposition for certain coverage options such as social engineering or ransomware attacks.

Insurers are partnering with cyber risk analytics firms to improve underwriting capabilities and better understand portfolio risk exposure. For instance, leading insurers such as Chubb, Munich Re, and Hiscox have partnered with risk analytics firms to better understand the systemic risks in their cyber portfolios. Insurers also are using these cyber risk analytics platforms to analyze client cyber exposure, thus providing for detailed underwriting of cyber risks.

The cyber insurance industry also is garnering attention from regulatory authorities. Regulatory authorities are calling on insurers to strengthen underwriting processes, as cyber-attacks pose significant levels of aggregate risk for the industry. Most recently, the New York Department of Financial Services has asked insurers to take stringent measures in underwriting cyber risks.

Insurance innovation

Apart from implementing underwriting discipline, the broader insurance market is headed towards product innovation. Insurers are bundling standalone insurance offerings with risk management services as they reposition from an insurer to a risk guardian, Everest Group analysis has found. They are increasingly offering tailored risk solutions and value-added services that enable customers to reduce risk exposure. Insurers are partnering with cybersecurity providers to offer business protection services to customers to bolster their cybersecurity. For example, Swiss-based Zurich Insurance Group has partnered with Israeli cyber firm CYE to offer Zurich cybersecurity services along with its standalone cyber policy. The new product addresses cyber risks by helping businesses define and implement effective cyber risk management programs.

Effective management of cyber insurance claims losses is critical for both insurers and enterprises. Without it, it is expected the market will witness decreasing margins and a decline in risk capacity. Going forward:

  • Enterprises must implement firmwide cybersecurity policies that are engrained in governance to ensure a robust defensive strategy
  • Insurers must work with third-party data providers and develop a solid ecosystem that includes internal and external experts to bring forward the best solutions

In our upcoming third and final edition of this article series, “The Future of Cybersecurity and Cyber Insurance,” we will explore what the future holds for cyber insurance for enterprises and insurers; emerging ways of underwriting cyber risk; and the role insurers and enterprises will play in battling the cybersecurity challenges over the coming few years.

If you’d like to share your observations or questions on the evolving cybersecurity and cyber insurance landscape, please reach out to Barbara Beller ([email protected]), Supratim Nandi ([email protected]), or Mehul Khera ([email protected]).

Cybersecurity Risk Management in a Post-Pandemic Era | Blog

The intensity and severity of cyber events has accelerated during the COVID-19 pandemic as more and more people are working remotely and from home. This increasing frequency of cyberattacks has brought volatility to the already spiking claims losses causing many to wonder how enterprises and insurers can manage cyber risks in this new era. Our three-part blog series will explore this as well as initiatives to deal with cyber insurance challenges and what the future may hold for the cyber insurance market and its impact on enterprises.

The global cyber insurance market currently stands at nearly US$7.8 billion and is expected to grow at more than 20 percent CAGR over 2020-25, driven by the increasing number of cyber-attacks, the increasing need for IT compliance and regulations, and massive financial and non-financial losses (such as reputational loss system downtime, reduced efficiency, etc.). McAfee has reported that in 2020 these losses reached nearly US$1 trillion, increasing about 50 percent from 2018. To put this in perspective, the losses account for nearly 16 percent of the global insurance premium volume.

Pandemic forces change

The pandemic has forced enterprises to rapidly shift to a remote/work-from-home format, compelling them to re-think their cybersecurity strategies, reassess their cyber threat exposures, and develop cyber policy plans that can adequately manage any potential threats.

Enterprises are not alone. Insurers have been significantly impacted by the rapid growth of cyber-attacks and burdened with the dramatic increase in claims losses from the policies sold. In 2020, the insurance industry is estimated to have faced more than a 27 percent increase in the number of claims, primarily driven by the increasing intensity of ransomware and phishing attacks, according to a report by insurance company Allianz. As these threats evolve and their severity increases, insurers are constantly facing the challenge of controlling these claims losses.

While the global pandemic has accelerated technology adoption, at the same time, it exposed cyber vulnerabilities and under-preparedness in enterprises, an analysis of the World Economic Forum’s Global Risks Report 2021 found. As the adoption of complex technologies such as AI/ML (artificial intelligence/machine learning) tools, IoT (Internet of Things) devices, and cloud infrastructure has increased, so too has the complexity of cyber-attacks. While cyber-threats such as phishing, ransomware, trojans, and botnets have remained prevalent, risks exist for more evolved and unknown strikes such as industrialized social engineering attacks.

With the growing sophistication of cyber-attacks, the average cost per attack for firms has also gone up. According to a survey conducted by McAfee, 67 percent of the surveyed companies reported that the average cost per attack was more than US$500k. Addressing the threat of cyber risk and plugging these losses is a critical priority for business leaders. However, efforts to back up IT resources and data and set broader cyber response plans have been limited due to a lack of expertise.

Cyber risk measurement and analytics needed

Today, we are observing an increase in demand for cyber risk measurement and analytics capabilities as organizations look for the right cybersecurity talent and technologies to help address these challenges. Insurers are trying to provide enterprises with the right cyber insurance policies to help curb these losses. However, they face their own set of challenges, including the underwriting of cyber insurance policies. A lack of historical data limiting their ability to accurately model risks, drive precision in pricing risks, and create coverage loss limits. Some cyber events go unreported, challenging insurers to get adequate information on cyber-attacks. Without an accurate cyber risk assessment, these policies may be ineffective, exposing insurers to significant losses in a major cyber event.

Another key challenge for insurers while underwriting cyber risk is ‘accumulation risk.’ While dealing with cyber risk, insurers must be aware of the increasing interconnectedness within networks that lead to dependent vulnerabilities of the commonly used systems that may translate into an untargeted spread of the attack to the adjacent networks. This adds a layer of complexity to underwriting, taking into consideration an unplanned impact on a larger number of clients.

Mounting claim losses raises concern

Growing claims losses due to increasing frequency and severity of attacks is another key concern for insurers. In mid-2020, an American GPS and fitness tracking company was a victim of a ransomware attack where a demand was made for US$10 million to get its systems back online. Similarly, in other cases companies have faced large monetary and non-monetary losses that translated into an increasing loss ratio for insurers. In the US, the average loss ratio for the top 20 insurers (who offer standalone cyber insurance policies) by Direct Written Premium in 2019 increased to 48.2 percent from 34.5 percent the prior year, according to a report on the US cybersecurity insurance market. For 2020, these loss ratios are expected to shoot up dramatically, given that the industry has already started calling 2020 a loss-making year for cyber coverages.

Managing cybersecurity risk is all about anticipating loss and building a sound strategy and plan to both prevent and quickly respond to threats by taking these actions:

  • Enterprises must beef up cybersecurity capabilities and invest in the right set of technology and talent levers to bolster cyber risk assessment capabilities
  • Insurers must identify the full set of dependencies to assess the complete severity of the attack

Failure to embrace cyber risk management could have severe consequences and leave organizations so far behind that they may be unable to catch up. To address these challenges, enterprises and insurers must proactively work together to mitigate cybersecurity risk.

Next in this three-part series is Cyber Insurance Market Dynamics, where we will discuss the measures taken by both enterprises and insurers to address these challenges. While enterprises are investing in Identity and Access Management (IAM) software, endpoint encryption, and other technologies, insurers are putting their money into bolstering underwriting efforts to model cyber risks more accurately.

If you’d like to share your observations or questions on the evolving cybersecurity and cyber insurance landscape, please reach out to Supratim Nandi ([email protected]), Mehul Khera ([email protected]), or Barbara Beller ([email protected]).


Next-generation Security Operations Centers | Blog

The rapid pace of digitalization has increased enterprise exposure to a diverse and evolved range of cyberattacks. However, many enterprises make security an afterthought rather than a part of their digital transformation journey. While they’ve always had a daunting task to make their business resilient, the COVID-19 pandemic has only added to their woes. A global shift toward remote working and the sudden expansion of the enterprise perimeter has contributed immensely toward enterprise challenges.

Here’s a quick snapshot of some high-level security-related challenges that enterprises will continue to face in 2021:


To overcome these challenges, which are associated with speed and scalability of security services delivery, enterprises rely on security operations centers (SOCs) to monitor systems and defend against breaches. As the frequency and severity of breaches continue to rise, traditional SOCs and Security Information and Event Management (SIEM) systems based on signatures and rule-based automation are quickly becoming obsolete, as they make it immensely difficult for security analysts to stay on top of internal and external threat-related data.

Consequently, SOCs need to transition to an “Aware” state that is underpinned by cognitive capabilities that help detect, prevent, and resolve incidents at scale to keep pace with evolving adversaries.

What is Aware SOC?

Simply put, an Aware SOC is underpinned by next-generation SIEM and cognitive technologies – AI and ML along with decision automation – to deliver intelligent security operations. The Aware SOC is built on a single platform that seamlessly integrates solutions from multiple vendors to augment existing capabilities. Designed to secure distributed enterprise architecture, an Aware SOC brings together the best of human + machine capabilities to help enterprises fight against the rising tide of sophisticated cyberattacks.

The table below shows how enterprises should think about an Aware SOC as an amalgamation of best-of-breed technology and talent:


Security operations done right: Moving to a platform-driven Aware SOC

The pandemic has been a major change agent for enterprises, significantly impacting their security operations. To incorporate speed and scalability in their security operations, enterprises are now re-thinking their SOC architecture. The platform that an enterprise chooses for its security operations has started to become a pivotal element of its overall security infrastructure, becoming the de facto operating system for other point-based security tools. The shift to a platformized cloud-first approach, underpinned by SaaS-based tools for monitoring, threat hunting, vulnerability assessment, and incident resolution is expected to be the springboard of security transformation for medium and large enterprises.

Here’s our view of an architecture for a platform-driven Aware SOC:


Enterprises can find significant value through platform-driven Aware SOC, where it can break systems down into building blocks and bring in modularity that allows them to scale and manage security controls across environments. The elements of platform, spanning data lake and network traffic analysis, also give enterprises enriched insights related to their existing and to-be security estates.

Advantages of investing in a platform-driven Aware SOC

Investing in an Aware SOC is a highly strategic decision. Beyond economic benefits, a platform-driven Aware SOC produces a number of other benefits, including speed, scalability, resiliency, and efficiency. The benefits discussed below are not an all-encompassing list but instead a starting point for exploring the benefits of investing in platform-driven Aware SOC:

  1. Automated security across the enterprise IT estate – ingest alerts across multiple environments and execute automated workflows/playbooks to speed up incident response
  2. Break team silos – playbooks for real-time collaboration capabilities that enable security teams to solve for existing and new threats and breaches
  3. Expedite incident investigations – enables standardized response for high-quantity attacks such as DDoS attacks. Also helps security analysts adapt to sophisticated one-off attacks.

Whether an enterprise is thinking of outsourcing security operations or bolstering them internally, it needs to future-proof its overall cybersecurity strategy. While charting the broader cybersecurity strategy, an enterprise needs to keep a firm sight on its short-, mid-, and long-term business goals. This is where a platform-driven Aware SOC can help. A platformized approach to Aware SOC that stitches the entire security fabric together will go a long way in ensuring that the enterprise’s cybersecurity strategy aligns with business goals such as speed, scalability, and resilience.

Follow this space for more blogs on cybersecurity. Meanwhile, please feel free to reach out to [email protected] and [email protected] to share your experiences and ask any questions you may have.

Self-aware Data – Securing Data across its Life Cycle | Blog

Increasingly costly data breaches in recent years have shown the importance of data protection and privacy in the age of the data economy. While organizations have accelerated their pace in adapting to the increased levels of security and data sharing, much still needs to be done. IBM’s 2019 Cost of Data Breach Report showed that the global average cost to an organization of a data breach was US$3.92 million, a 12% increase over five years. The latest attack on the European Medicines Agency (EMA) – in which hackers successfully penetrated and stole important information regarding the COVID-19 vaccine – is just one of the many examples of ever-increasing cyberthreats.

Where are the gaps?

Indeed, the key ways in which organizations still fail to secure data – even after so many advances in cybersecurity – have been highlighted by the rising number of data breaches during the COVID-19 pandemic, including such examples as:

  • Organizations secure the transport layer in which data is transferred rather than securing data itself
  • The controls and policies lie within an organization’s IT estate rather than with the data owner
  • There is a lack of centralized visibility into data movement and assets across the organization
  • It takes too much time and effort to implement policy changes across the organization
  • Employee awareness of, and preparedness for, security is generally the weakest link in cyber defense; a majority of breaches can be traced back to human negligence

Moving toward self-aware data

This situation is precisely where self-aware data can help. Self-aware data refers to data that is intelligent and can protect itself from intrusions. Each piece of self-aware data can defend itself at any place, continuously, during its lifespan and does not rely on securing the communication tunnel, which is the common security method. The approach is based on democratizing data security, which includes a process by which the data owner sets up policies related to accessing their data. It treats the root cause of data loss rather than the symptoms.

Let’s take a closer look at how organizations can implement self-protecting, self-aware data:

  • Focus on data rather than the communication channel – The core focus should be on securing data. A wrapped layer of security protocols across data enables the user to freely send the data across media without the worry of data loss. The data owner sets these protocols, and only users who meet these protocols can access the data.
  • The owner controls the data asset throughout its life cycle – Once the owner creates the data and establishes access-related policies, that owner should have complete control of the data until it is deleted. Even if copies are made on any devices or stored across locations, the owner should be able to control the files with the same policies.
  • Seamless data movement and interoperability across platforms – Self-aware data needs to be operable across platforms, devices, applications, operating systems, cloud services, and data centers. It must be universally deployable and interoperable to provide real-world protection across today’s diverse environments.
  • Built-in log analysis – Organizations need to implement built-in log analysis across the data life cycle, from creation to storage, until destruction. Self-aware data should be able to provide proof of possession, custody, and control. It needs to provide this information back to its owner for every copy or instance from anywhere.
  • Ability to upgrade policies on the fly – To adapt to the dynamic cybersecurity regulations, owners should have the feature set to apply any new policy regulation across all files at any time.

Future-proofing data

In a rapidly changing digital world, there is also an increasing need to future-proof intelligent data. We thus recommend the following actions to safeguard self-aware data from the next-generation threats of AI-/ML-powered cyberattacks:

  • Implement geo-fencing and geo-location capabilities – Such policies can ensure that the data stays within the organization’s geographical presence, which is especially helpful as we increasingly see a rise in hacker groups from specific geographies.
  • Detect and safeguard related data pieces – Organizations should also ensure that the protection rules or protocols are able to replicate themselves wherever that data or any part of it flows. For example, if the protocols allow certain users to access an Excel sheet containing a sales data table, these protocols should be replicated automatically if any row of that sales table is used in any other document or Excel file to ensure end-to-end data safety.
  • Foolproof data against any augmented intelligence approach – Data masking and Generative Adversarial Network (GAN)-based techniques to generate synthetic data have been a boon for training AI/ML models. Self-aware data, if masked or even synthesized to generate new synthetic data, should be able to recognize the base parent file and initiate the same set of protocols on the new files created.

When combined with a zero-trust architecture, self-aware data can act as an invulnerable armor for the valuable data assets that organizations possess. To capitalize on the opportunity, some startups have already started work on tools and solutions to enable self-aware data in the hopes of making data breaches irrelevant.

If you have any questions regarding how self-aware data can help secure your existing data landscape or would like to share your inputs on the broader cybersecurity landscape, please write to us at [email protected] and [email protected].

Digital Trust – the Key to Secure Customer Engagement and Stickiness | Blog

In an age of pervasive cyberthreats and attacks, enterprises increasingly realize that ensuring trust and privacy is vital in the customer journey. In fact, CXOs now view cyber risks as business risks that can prevent them from establishing strong customer relationships, and they are proactively trying to find ways to address privacy or security gaps in their customer engagements.

In this context, the goal of digital trust is to instill confidence among enterprise customers, business partners, and employees in an organization’s ability to maintain secure systems, infrastructure, and perimeters, as well as to provide a secure, reliable, and consistent experience. Today, digital trust underpins businesses’ success directly by creating confidence among customers and other stakeholders.

Users at the core of digital trust

Establishing digital trust goes beyond the creation of a secure application or enforcement of stringent regulations to avoid cyberattacks. It is about leveraging the right combination of tools and technologies to create a superior digital experience for users that not only protects their privacy but also exceeds their service expectations.

To create such an unparalleled and smooth user experience through their digital transformation initiatives, enterprises should ensure and embed digital trust seamlessly in their processes and systems. Organizations need to understand that they can achieve 360-degree trust only if they keep the user at the center of digital transformation initiatives and build enterprise security controls around user attributes such as device, data, applications, and user environment.

To make digital trust a reality, enterprises should comply with privacy regulations to have the right data security controls across environments, employ usage-based security controls across the IT estate, provide secure access to user devices, understand user behavior through behavior and entity analytics, and monitor user activity to create secure access across applications, devices, and networks.

Building digital trust the right way

In a 2019 Everest Group survey of 200 CIOs, about 71% said they believe that they lacked centralized visibility across their IT estate, almost 42% said they were unable to measure and quantify end user experience, and 53% were unable to leverage essential technologies to improve end-user experience. About 70% of enterprises still lacked the capabilities of a unified threat detection system to prevent, detect, and manage unknown threats. These figures point to the glaring gaps in enterprises’ IT security infrastructures and understanding of their users’ experiences.

The concept of digital trust ties together business objectives and business resilience goals and ensures that the right user with the right intent is granted the right set of access and permissions for the right purpose. To build digital trust among users, organizations need to consider specific action items for different cybersecurity segments to create 360-degree digital trust, as outlined in the exhibit below.

Digital Trust – the Key to Secure Customer Engagement and Stickiness

Instead of implementing discrete security controls across the organization, enterprises need to take a holistic, outcome-oriented approach to cybersecurity. When organizations approach cybersecurity with the objective of creating a seamless user experience, it facilitates a sense of mutual and complete trust.

Digital trust in the age of COVID-19

The COVID-19 pandemic has led to a massive shift from offline to online channels. Such digital business extensions have created unprecedented security concerns worldwide. Users are concerned about the security of their private data and how organizations handle it. To build trust, enterprises must focus on building an empathetic and secure organization. If they can get this right, they will be able to win customer loyalty and trust, thereby laying the foundation of a future-proof sustainable business. As the world fights the pandemic, digital trust could well be the glue that binds customers to them.

To learn more about the need to think of IT security as the key enabler of digital trust among users and customers, please see our latest report, Digital Trust – The Cornerstone of Creating a Resilient and Truth-based Digital Enterprise. You could also reach out to us directly at [email protected] or [email protected] to explore this concept further.

Anti-financial Crime Talent Imperatives in the Digital Age | Blog

For years, financial institutions have struggled to attract and retain quality anti-financial crime (AFC) talent, which remains a compliance program’s most vital asset. And the situation is only getting worse.  Why? First, both the importance and application of anti-money laundering (AML) and fraud risk management are increasing. Second, the requirements and expectations of regulators are snowballing. And third, demand for AFC talent is skyrocketing while unemployment remains low. It’s a perfect storm.

Perhaps most importantly, the AFC workforce must now be able to work with artificial intelligence and machine learning technologies. Financial institutions that can’t adapt their workforce to the demands of this new augmented human intelligence era simply won’t survive. Knowing what talent to look for – and how to attract, manage, and retain it – is key.

The changing definition of talent and the rise of “bilinguals”

In the past, whenever new compliance initiatives or regulations arose, banks tended to staff up operational teams to address them. Now banks realize that hiring operational staff isn’t enough. Instead, solving for the underlying problem – be it “Know Your Customer” remediation, reducing incidences of fraud, or ensuring better AML compliance – is the answer.

To do this, banks are breaking up their talent pyramid into tasks. Those tasks that are manual and repetitive (and therefore subject to a high degree of automation) sit at the bottom of the talent pyramid. And those requiring a high degree of judgment that can be handled only by skilled employees sit at the top. As a result, talent must now be “bilingual,” possessing not only the domain and operational expertise to drive judgments but also the technology expertise to help automate repetitive, mundane tasks.

Attracting talent

If a bank has bilingual workers, it’s not letting them go, so finding such talent at scale through hiring practices alone is unlikely. Instead, the challenge is to identify skilled workers from either a domain or technology background and train them to develop the skills they lack.

One solution is partnering with universities. For example, recognizing that ready talent is not necessarily available in the marketplace, some service providers partner with universities to identify suitable individuals for entry-level positions and then train staff in those positions on AFC fundamentals.

Developing talent

At the same time, the half-life of professional skills is decreasing at an alarming pace. Regulations and technology are constantly changing, so talent agility is key. Organizations must create an environment of innovation, training, and enabling people to do their jobs faster and better, including enabling them with access to the right tools, be they bots or data libraries.

Firms are increasingly using techniques such as micro learning, which breaks information into bite-sized pieces, and spaced learning, which identifies the right moment for intervention so that trainees retain more information. Gamification is another technique that makes learning fun and increases retention.  Through a combination of these approaches, firms can train employees and develop talent much more efficiently.

Retaining talent

Today’s banks are losing employees not only to other banks, but also to techfin firms. Amazon, Apple, Facebook, and Google are all making forays into banking, and they’re always on the lookout for people who can help their engineering teams understand the financial payments and risk disciplines. To retain talent, it’s important to drive workers’ aspirations.

Keeping employees engaged is essential to retention. Engagement can be accomplished through creative challenges and contests that instill sustainable change and help employees use their skills beyond their day-to-day work.

When it comes to AFC talent, it’s a battlefield out there. To learn more about how financial institutions can attract, manage, and motivate AFC talent to achieve the best balance between human and technical intelligence, check out the webinar I recently conducted with Genpact on this topic.

Key Issues For Enterprise IT Spend Decisions In 2020 | Blog

When considering your company’s IT spend decisions for 2020, it’s helpful to know what your peers and competitors expect for IT spend this year. What are their top investment priorities? Their biggest challenges? Is their focus different for 2020 than it was in 2019? How will their plans change if the economy strengthens or if it weakens?

Read my blog on Forbes

Is Latin America the Emerging Region for Technology Services Delivery? | Blog

For years, India has been the epicenter of offshore technology services delivery for U.S.-headquartered enterprises. But our Market Vista Annual Report 2019 and Predictions for Global Services Delivery Locations 2019 reports show that a host of factors are driving a much closer look at Latin American countries as a destination for the delivery of IT services.

So, what’s making Latin America click with companies of all sizes, including some of the world’s biggest brands, like Amazon, Facebook, Google, HP, Intel, and Microsoft?

Proximity with the U.S.

The time zone differences between India and the U.S. are impeding demand for agile development. But because Latin America and the U.S. share similar time zones, the delivery and client teams can collaborate in real time.

Availability of skilled IT professionals

Due to strong government and educational support, Latin American countries are producing an ever-growing number of talented professionals with relevant, and often advanced technology skill sets, like blockchain, artificial intelligence, and machine learning.

Rise in technology start-ups

The abundance of low-cost technical talent is driving a surge in Latin American country-based technology start-ups through accelerator programs such as 500 Startups, Techstars, and Y Combinator. Investors are also betting high on tapping the potential of technology start-ups in the region. For example, SoftBank Group in March 2019 announced a US$5 billion Innovation Fund, touted to be the largest-ever technology fund in Latin America.

Less competitive intensity

Although India is far more cost competitive than Latin American countries, competition in India is increasingly intense given that it is home to more than 1,100 shared services centers and thousands of service provider delivery centers. Because there are fewer service delivery centers in Latin America, competition for talent is comparatively lower, making it easier for companies to hire the best talent.

Language proficiency

Most Latin American countries have significantly improved in English language proficiency over the years. And their Spanish language skills are valuable to the U.S. market given the large Spanish population residing in the country.

Most leveraged countries for technology services in Latin America

What are the top five Latin American countries doing to advance their attractiveness to technology services clients?

Mexico — #1

  • Passed new regulation for its FinTech sector, which is the largest FinTech ecosystem in Latin America
  • Established INADEM to support establishment of start-ups
  • Launched 500 Startups Latin America, Startup Mexico, and Startup Weekend Mexico to develop tech start-ups
  • Launched the world’s largest free economic zone along the US-Mexico border to attract tech investments.

Argentina — #2

  • Passed the Entrepreneur’s Law, which accelerates businesses’ registrations
  • Launched programs such as Startup Buenos Aires and IncuBAte to support entrepreneurship
  • Provides free university education to everyone.

Brazil — #3

  • Established Start-Up Brasil, a federal program to support start-ups
  • Launched TechD, a public-private partnership, to fund emerging technology companies
  • Initiated a national plan on digital transformation, IoT, and information, communications, and cyber security strategy
  • Launched STEAM courses to develop a large pool of engineers and technical talent
  • Passed a law to hire temporary workers on a longer contract term.

Colombia — #4

  • Rebranded Colombia as a technology center, and offers tax incentives and a professional training program
  • Established a Ministry of Science, Technology, and Innovation, and a High Council for Innovation and Digital Transformation to support tech initiatives.

Chile — #5

  • Launched a centralized web system that allows one-day business registrations
  • Established Start-Up Chile to support development of start-ups and boost the local tech ecosystem
  • Launched a tech visa facility to help technology talent and investors acquire a visa in 15 days
  • Introduced a blockchain-based platform for public payments.

With their strong trade links, nearshore advantage, and growing technology talent pools, several of the Latin American countries offer a multi-pronged value proposition to enterprises seeking an IT services delivery destination.

To learn more about the region, please read our Market Vista Annual Report 2019 and Predictions for Global Services Delivery Locations 2019 reports.

Protect Yourself from Cyber-breaches: Digital Forensics and Incident Response | Blog

According to the Identity Theft Resource Center, a staggering 1,200+ breaches were reported in 2018. A breach can wreak havoc on a business, including – but not limited to – loss of revenue and reputational harm. And poor incident response can compound that damage, as demonstrated by breaches at Deloitte, Equifax, Uber, and Yahoo.

Some enterprises are recognizing the importance of being prepared and able to respond to attacks: 22 percent of respondents to a 2018 Everest Group survey rated “reduction in time/effort to detect, respond, and recover from breaches” as their top strategic priority in next 12-24 months.

But given the dangers, 100 percent of enterprises need to think through and create an effective risk mitigation strategy. This is where Digital Forensics and Incident Response (DFIR) can be essential. Combining incident response with deep forensic analysis to collect and examine digital evidence on electronic devices, an effective DFIR strategy can help mitigate business risks in the early stages of an attack.

Twin Forces Driving DFIR adoption

Starting on the DFIR journey: an enterprise perspective

The first step in the journey is establishing forensic analysis and incident response teams responsible for reporting, incident handling, and monitoring when a breach is detected.

The incident response team should have specific training in areas such as file systems and operating system design, and have knowledge of possible network and host attack vectors.

After a breach is detected, the forensic analysts must work closely with the incident response team to address several issues, such as isolating affected systems and making containment decisions, based on existing device, access, and data security policies. Enterprises must also update their policies regularly to stay ahead of attackers.

Putting DFIR into action

An effective incident response plan should include the following components:

Enterprise action items following breach detection

A guided approach to creating a DFIR strategy

Enterprises without a cyber-attack incident response plan leave themselves open to potentially insurmountable losses. Despite the danger, they often face significant challenges in creating a plan. These challenges include:

  • Limited budget for plan development and forensic analysis
  • Lack of built-in approval systems to kick off incident response
  • Lack of support for cyber insurance policies
  • Lack of adequate skill sets to perform forensic analysis.

Our guided approach to developing a DFIR strategy can help enterprises evaluate and onboard digital forensics as part of their overall cybersecurity strategy.

DFIR strategy for enterprises

Specialist DFIR offerings can help

As many enterprises aren’t equipped to improve their security posture and reduce incident response times on their own, specialist DFIR vendors – such as CrowdStrike, Cylance, and Mandiant – can assist with suites of holistic offerings. In contrast with managed security services (MSS) players, specialist DFIR vendors lead with localization as their core value proposition. Their product-centric service offerings, localization, and a guided approach help enterprises build resilient business are valuable resources for enterprises.

In fact, DFIR capabilities are becoming a deal clincher/breaker in large security transformation deals between enterprises and MSS providers. Enterprises need to carefully analyze the value proposition of their current/potential MSS partners serving as their DFIR vendor. The following checklist can help enterprises determine if their MSS providers can provide DFIR services.

Enterprises MSS Partner checklist for DFIR capabilities

Approaching DFIR in the digital world

Today’s business environment has dramatically changed the way enterprises need to address DFIR. Adoption of digital technologies such as cloud, IoT, mobility, software defined everything (SDX), etc., has made traditional forensics techniques obsolete. And issues such as evidence acquisition, validation, and cataloging are just the tip of the iceberg.

The following new approach can help enterprises effectively protect themselves against cyber attacks in the digital world.

The new approach to DFIR

Given what’s at stake, enterprises must understand that remaining in the dark about potential breaches can prove significantly more devastating than the time and resources required to build or onboard competent digital forensics capabilities. DFIR can be a challenge, but it’s worth it.

Please reach out to us at [email protected] and [email protected].com if you are interested in exploring DFIR in further detail.

How can we engage?

Please let us know how we can help you on your journey.

Contact Us

  • Please review our Privacy Notice and check the box below to consent to the use of Personal Data that you provide.