We are on the edge of a new ‘cyber’ space age. This is how we make it a success 

Almost exactly 50 years ago, Neil Armstrong became the first human to set foot on the Moon. This remarkable achievement had been unimaginable only years before and has been surpassed by few endeavours since. It is also testament to what is possible through public-private collaboration.

During the 1960s, roughly 90% of NASA's overall budget was used to purchase goods and services from the private sector. Businesses literally powered man to the moon; North American Aviation built Apollo 11’s Saturn V rocket. Protection against the many complex risks of space travel was just as vital. Goodyear Aerospace regulated engine temperatures operating at almost 3,300˚C. Meanwhile, ILC Dover created spacesuits which protected against the moon’s extreme temperature variations. Without these technologies, space travel would never have been viable.

Today, half a century on from Apollo 11, technology developed for the programme is used in products ranging from kidney dialysis machines to water purification. Even our smart devices owe their existence to the Apollo programme.

Today, smart technology places us at the edge of a new ‘cyber’ space age. The combination of connectivity, mobility and data presents almost boundless opportunities. The aim is the same – to advance humanity. And success will require the same ingredients; public-private collaboration and a focus on security and protection against the risks.

The task is formidable. Data breaches continue to rise in both frequency and cost. Meanwhile, the World Economic Forum’s Regional Risks for Doing Business 2018 report showed cyberattacks as the number-one concern for businesses in Europe, East Asia and the Pacific, and North America. And cyberattacks are increasingly migrating from traditional data loss and service interruption to material or even bodily impact.

Neither the public nor private sectors can solve these challenges alone. We need to increase momentum around collaborations, resist silo thinking and recognise that geopolitical tension is a hindrance to the crucial work needed. Organizations such as the World Economic Forum play an important role in bringing stakeholders together and coordinating activities. One example is the World Economic Forum’s Center for Cyber Security, which brings together experts and thought leaders to further address systemic cyber-risks and create tools to better understand it.

At a high level, the key aims for collaboration are three-fold. First, we must build a general culture of resilience, rather than protecting against individual cyberthreats. In the 2018 PwC Global Economic Crime survey, less than half of organizations had conducted a cybercrime risk assessment and only 30% had a cyber-response plan. Meanwhile, many lack a thorough understanding of what their critical data assets are, where they reside, and whom they support. Investment is needed to truly understand what information is needed to sustain critical business operations and protect data.

Public and private sectors must therefore work to increase organizational preparedness. Risk transfer is only one part of the tapestry for cyber insurers, and Zurich Insurance has invested in a new, state-of-the-art Cyber Fusion Center to establish collaboration between highly-skilled cyber threat intelligence, response, forensics, and vulnerability management teams. We are also working with several security service providers, such as Zeneth Technology Partners, to help customers identify cybersecurity vulnerabilities in their systems before an attack takes place.

For their part, policymakers should look to improve ‘cyber education’ in the private sector, particularly amongst SMEs. The US Department of Homeland Security’s recently announced plans to set up a National Risk Management Center are particularly welcome in this vein. The Center will initially work with financial firms, energy companies and telecoms providers to help identify industry security weaknesses, develop response plans and run cyber drills.

Achieving resilience also means monitoring and improving incident response on a global level, particularly to systemic cyber events. This will require increasing cooperation on global governance. Policymakers must seek to identify those global governance institutions that are fit for purpose, strengthen and clarify their roles and isolate them from geopolitical tension. Global cyber governance could also be improved via the use of networks to allow national cyber governance entities to interact; creating trust, increasing coordination and facilitating joint responses. This approach would mirror the informal coordination among central bank governors, which proved successful during the financial crisis. One further idea could be to establish either a Cyber WHO or G20 structure, which would coordinate preparedness, resilience and response to a systemic cyberattack or failure.

The second area for collaboration is facilitating conditions that allow the insurance sector to play its traditional risk-management role. As with any exposure, in order to effectively underwrite cyber-risk - and assess its frequency and severity - insurers must have access to credible and consistent data. This includes incident reporting, impact assessments, forms of attack and threat analysis. The public sector can bolster information sharing by protecting victims of cyberattacks from liability concerns. Establishing common attribution protocols will also aid underwriting. This is under discussion within the insurance industry and among businesses across the globe that are facing major cyber-related risks. Clarity will support the growth of the cyber insurance market and ensure that customers have the correct coverage in place.

But even with these efforts, not all large-scale events may be insurable. Such is the systemic and complex nature of cyberattacks - with often uncertain levels of total or ‘accumulation’ risk - that some government capital support may be needed. Cyberwarfare such as a state-sponsored attack on a national electricity grid may fall beyond the appetite of the market. The third and final action for collaboration is therefore to consider the feasibility of government-backed reinsurance schemes, similar to those that address natural catastrophes and terrorism. These discussions must find the right balance between a sustainable cyber insurance industry and the natural demand for mitigating these risks for consumers and the economy.

Today’s cyber space age may not have a moon landing, but its potential benefit for society in the next 50 years could just be even greater. Success is within our grasp, but the stakes are higher and the risks more complex. A collaborative focus is once again required. It is time to come together in this next giant leap for mankind.