After announcing my plans to leave the White House to join Coalition®, I noticed something interesting: My cybersecurity and national security colleagues never asked me why. Neither did my spouse, a software engineer, who has patiently listened to me worry about one national security risk or another for the past 18 years.

They know why.

While serving at the National Security Council, I had a front row seat to the consequences of poor cyber hygiene. Over a matter of months, I saw federal departments and agencies navigate the fallout from multiple significant cybersecurity incidents, including a ransomware incident that paralyzed fuel delivery across the Eastern Seaboard. Many of the perpetrators of these incidents weren't particularly sophisticated — all it took was a compromised password to hack Colonial Pipeline. 

I've come to appreciate that Active Cyber Insurance is more than just insurance. It's an important, comprehensive approach that can help businesses improve their cyber hygiene at scale so there are fewer incidents like these.

The inherent challenges of cybersecurity

Businesses and governments are confronting an urgent and complex challenge. Cyber criminals and malicious state actors know cyber intrusions can be profitable, including by extracting ransoms and stealing trade secrets. Every day, we introduce new risks as we connect more systems to the internet — and to each other. 

Legacy hardware and infrastructure built before the internet presents a unique risk because it's particularly difficult to secure something designed for an analog world. The internet became widely available in the United States roughly 25 years ago, but many of our natural gas pipelines are over 60 years old. The average global lifespan of a coal-fired power plant is around 50 years, and, until last year, the New York Metro Transit Authority was running trains that were more than 55 years old. 

Pipelines, power plants, and subways are now digitized, often by way of a digital overlay bolted on top of a pre-internet piece of machinery. In addition to legacy infrastructure risks, we are manufacturing new products and services that are smart by default. Unfortunately, many are not secure by default. Every additional smart thermostat, sensor, or relay expands the potential attack surface that malicious actors can try to breach.

Fortune 100 companies invest millions in resources to continuously improve their cyber defenses. They have some of the most sophisticated cybersecurity operations and business disruption contingencies but recognize their exposure to risks from others in the supply chain. Some mitigate third-party risk by requiring suppliers to implement specific cyber hygiene measures, and then look for indicators that they have done so. One such indicator is a supplier's ability to secure and maintain an active cyber insurance policy.

Small and midsize businesses (SMBs) do not have the same resources as Fortune 100 companies, but they face similar risks and challenges. I know from experience that company size is not a reliable indicator for the damage that can follow from a cyber disruption.

SMBs are embedded throughout critical supply chains globally; they often struggle with accessible, cost-effective cybersecurity solutions. Coalition can be an important partner to them. 

Making an impact at scale

I vividly recall a third-generation small business owner relaying her feelings of isolation and frustration as she spoke to the magnitude of the challenge: "I don't have a CISO or a 24-hour Security Operations Center. I have a network administrator and Geek Squad."

Active Cyber Insurance doesn't just help SMBs mitigate financial risk from incidents, it helps prevent them by making a strong cybersecurity defense more accessible with risk assessments, continuous monitoring, access to a cadre of experts, and additional support. These partnerships fill a critical security need in the marketplace.

Governments and industry are actively partnering to confront complex cybersecurity challenges, but we must do more to defend the services and systems we use every single day. I joined Coalition because our work is central to the future of that defense.

Coalition's mission is to protect the unprotected. If our mission also resonates with you, please join us. Check out our careers page for a future opportunity.