Aspen 2024 Cyber Summit | Brunswick Group

Aspen 2024 Cyber Summit

Five Takeaways for Business Leaders

This year’s Aspen Cyber Summit, which took place in Washington on Sept. 18, brought together government and industry leaders to discuss the latest cybersecurity trends, challenges and policy developments.

The event featured some of the most influential regulatory leaders and agency officials in the U.S. Speakers included Federal Bureau of Investigation Director Christopher Wray, Federal Communications Commission Chair Jessica Rosenworcel, Federal Trade Commission Chair Lina Khan and Consumer Financial Protection Bureau Director Rohit Chopra. International representatives from the Five Eyes intelligence alliance also attended and shared their views on the global landscape.

Siobhan Gorman, a Brunswick Partner and Cybersecurity, Data and Privacy lead, distilled the event into the following highlights.

 

More single points of failure increase “mega breach” risk 

In the past year, mega breaches and IT outages demonstrated how deeply integrated systems, reliance on third-party vendors and consolidation through M&A are creating single points of failure. Business leaders need to create more redundancies for critical systems within their organizations and take a closer look at security exceptions, which are often made for the sake of operational efficiency and can leave the door open to cybercriminals. As cyber incidents generate more damaging third- and fourth-order effects on society, organizations also need to test their crisis plans and identify a senior crisis captain to bring together the operational and communications response.   

Law enforcement cooperation can reduce time and cost of breach response 

It is “almost inevitable your company will be subject to a cyberattack,” FBI Director Christopher Wray told the Summit, noting that 15 of the 16 U.S. critical infrastructure sectors fell victim to ransomware in the past year. He made a strong pitch to business leaders about working with law enforcement, especially to get help unlocking encrypted data. The FBI has saved companies around $800 million in ransom payments in the past two years, he said, and companies that bring in law enforcement recover from a breach, on average, 33 days sooner than those that do not.  

Foreign influence operations are a growing threat to business 

Cybersecurity is increasingly tied up in geopolitical tensions. Any business can be caught in the crosshairs of a nation-state cyberattack or espionage operation, especially in critical infrastructure sectors like energy, healthcare and telecommunications, which are operated by a combination of public and private entities. State-backed disinformation—"perception hacking”—is another front of cyber information warfare that businesses need to prepare for, as foreign adversaries feed off societal divisions to sow discord, undermine trust and advance their agendas.  

Regulators call on industry to mitigate the dangers of AI 

AI is enabling more sophisticated cybercrime and fraud as voice cloning and deepfake videos become easier and cheaper to produce. There also have been some positive developments as tech companies build new tools that can help determine the origin and authenticity of audio and video content. AI platform providers are also voluntarily establishing guardrails to prevent misuse. Regulatory leaders at the FCC, FTC and CFPB argued that voluntary efforts are not enough. They called on industry to increase the transparency and security of AI, so consumers will know when they are interacting with AI systems and understand the associated risks and how data about them are being used.  

The time to invest and incentivize cyber workforce development is now 

All businesses are facing the same fundamental questions: How do we protect ourselves as technologies like AI and quantum computing are moving at such a rapid pace and cybercriminals are evolving in tandem? How do we put the right guardrails in place to make sure we are adapting and anticipating as much as we can? To build a more resilient future, companies need to think about cybersecurity investments over a longer time horizon. Cyber resilience is only as good as the cyber workforce. Businesses that invest in and incentivize cyber training and skills development are a big part of the solution.  

You can download a copy of this note here

To continue the conversation

Siobhan Gorman
Partner, Cybersecurity, Data and Privacy Global Lead,
Washington, D.C.
[email protected]

Siobhan concentrates on crisis, cybersecurity, public affairs and media relations. She works on corporate crises and corporate reputation projects across a range of industries. Tapping her longtime journalism experience, she regularly advises clients on media relations issues and conducts media training for executives. 

Download (180 KB)