The recent White House Security Summit saw President Biden host CEOs from the tech, energy, finance, education and insurance sectors as part of the ongoing response to the cyberattacks that have impacted government networks and critical infrastructure.
The event included breakout sessions focusing on issues such as ‘Critical Infrastructure Resilience’ and ‘Building Enduring Cybersecurity’ for the insurance sector, and resulted in a series of cybersecurity pledges, with some of the biggest tech brands announcing multi-billion dollar investments to address current and future risks.
These include a $20 billion commitment from Microsoft, to be spent on improving cybersecurity measures over the next five years. Meanwhile, Google allocated $10 billion over the same period, and its focus will include training 100,000 people, while IBM said it would train 150,000 in cybersecurity skills.
Clearly, this is designed to help address a chronic global cybersecurity skills shortage, which is impacting the ability of businesses and public sector organizations to deliver effective protection. Recent research published by ISACA, for instance, found 61% of cybersecurity teams are understaffed, while 55% of respondents said they have unfilled cybersecurity positions. Among those organizations that have experienced more cyberattacks in the past year, 68% reported that they are understaffed.
The summit is the latest in a series of moves by the U.S. government to improve the ability of public and private sectors to withstand cyberattacks. Following major incidents such as the SolarWinds hack and the Colonial Pipeline ransomware attack, President Biden signed an Executive Order in May focused on investment and modernization.
The EO emphasised that partnership between public and private sectors will play an important role. As the President pointed out during the summit, “The reality is, most of our critical infrastructure is owned and operated by the private sector . . . and the federal government can’t meet this challenge alone.”
Momentum has been growing. In August, U.S. lawmakers introduced a bipartisan bill to require some businesses to report cyber incidents to the government so that it could “mobilize to protect critical industries across the country.” In fact, the emphasis on legislating against cybercrime is on the increase globally, with China recently introducing new data laws, while the EU has introduced a new ‘Cyber Resilience Act’ designed to set common security standards for connected devices.