[BreachExchange] 'Cyber is Uncharted Territory And It’s Going To Get Worse…’

Mon May 21 19:29:49 EDT 2018

https://www.cybersecurityintelligence.com/blog/cyber-is-uncharted-
territory-and-its-going-to-get-worse-3373.html

During the recent shareholder’s meeting of the celebrated investment firm
Berkshire Hathaway the company’s CEO Warren Buffett warned that there’s
about a 2% risk of a $400 billion disaster occurring as a result of a
cyber-attack.

“This is uncharted territory and it’s going to get worse, not better.
You’re right in pointing that out as a very material risk that didn’t exist
10 to 15 years ago, and will get more intense as time goes on,” Buffett
said, replying to a question about how he prepares for a big cyber-related
disaster.

Berkshire Hathaway’s insurance arm offers professional liability with cyber
insurance, but Buffett said he doesn’t want his company to be a pioneer in
the arena, since it’s largely unpredictable.

A Known Unknown

“I think anybody that tells you now that they think they know in some
actuarial way either what general experience is likely to be in the future,
or what the worst case would be is kidding themselves. And that’s one of
the reasons I say that a $400 billion event I think has a roughly 2%
probability per year of happening.”

Buffett said that while insurance companies have a pretty good idea of the
probability of an earthquake happening in California or a major hurricane
hitting Florida, cyber disasters are still an unknown.

“Frankly, I don’t think we or anybody else really knows what they’re doing
when writing cyber [insurance],” Buffett said. “It’s just really, really
early in the game. We don’t know the interpretation of the policies will
be. We don’t know the degree to which they’ll be correlated.”

The Bad Guys Are Always Ahead
Buffett also explained that when he speaks to cyber-security experts, they
tell him that the offense is always ahead of the defense, and that will
continue to be the case. That’s a smart call, and exactly how big tech
companies currently think of the cybersecurity landscape. To offset this,
the companies actively hunt for ways attackers could penetrate their
systems and plug those holes before hackers can find them.

After all, the world runs on software, and software is written by humans
who are just as flawed as you and me. No matter how much they try, they’ll
still end up accidentally inserting some kind of error into their code that
can be exploited. That’s just how the system works.

This isn’t the first time Buffett has opined on cybersecurity. In 2017, the
CEO said he doesn’t understand much about cyber-attacks, but said that it
is “the number one problem with mankind.” He even went so far as to compare
cyber-attacks to nuclear and biological weapons.

That might seem like an exaggeration, but cyber-attacks can impact
everything from elections, like the Russian meddling campaign during the
2016 elections, all the way up to nation state attacks on critical
infrastructure like nuclear power plants.
And unlike nuclear and biological weapons, cyber weapons are being created
and used regularly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180521/e7870c9a/attachment.html>