His talent for predicting the stock market has seemed to carry over to the cybersecurity space, given Buffett made this statement at Berkshire Hathaway’s annual shareholder meeting just before last week’s WannaCry devastation.
The government appears to be heading Buffett’s warnings. Last week Trump signed an executive order on cybersecurity, aimed at:
[list="color: rgb(0, 0, 0); font-family: Helvetica, Arial, sans-serif; font-size: 12px;"]
[*]Agencies employing the NIST framework
[*]Holding departmental secretaries and agency directors accountable for security
[*]Promoting a government-wide initiative to modernize IT to include more secure systems
[*]Recognizing the need for transparency around cybersecurity disclosure
Additional government indicators:
- New SEC Chairman, Jay Clayton, has thrown his support behind a Senate bill that would require companies to disclose whether their board of directors has a cybersecurity expert.
- There's a push for every regulatory authority in the financial, energy and healthcare arenas to have a senior leader overseeing and coordinating security policy and execution. The SEC appointed their own last June when they brought on Christopher Hetner, former cybersecurity chief at E&Y and GE Capital, as senior adviser on cybersecurity.
- Trump’s pick for Treasury Department general counsel, Brent McIntosh, co-leads the cybersecurity practice at international law firm, Sullivan & Cromwell LLP.
This is a lot of government activity around cybersecurity. And rightfully so. Begs the question, are you doing enough? Because one-and-done, point-in-time assessments are nowhere near enough.