A series of actions can greatly improve the quality of conversation on cyber resilience and accelerate coordination. Although thinking on this issue continues to evolve, two areas offer promise in building maturity in the ecosystem:
- Risk markets. Making use of a developed cyber risk insurance market to trade and monetize the risk from cyber events.
- Embedded security. Exploring options to embed security parameters earlier into the lifecycle of products, and even into contemporary means of communication, such as the Internet.
Against this backdrop of high-value responses, it is worth noting that another range of actions is likely to deliver low or uncertain value in fostering cyber resilience. For example, while governments may be in a position to disrupt supply chains for attack vectors, such a move by private-sector institutions would seem to be uncertain or counter-productive because of the collateral fallout. For their part, regulators may be able to engage in counter-attacks and service disruptions, but they should be cautious about allowing Internet service providers to engage in similar efforts because of possible reprisals on the overall infrastructure or bystander organizations.