Virtually all organisations today possess data of some kind, such as information about their clients, and are possible targets of cyber criminality. They are therefore faced with the challenge of handing cybersecurity issues correctly, which is far from easy. “Cybersecurity is becoming increasingly complex, and probably too complex for most small and medium-sized companies,” confirms Paul Such, CEO of Hacknowledge and one of the speakers at the event “Meet the Cyber Future” organised in October 2018 by Luxinnovation during Luxembourg’s Cybersecurity Week. “There are more and more solutions available, but it is very difficult for companies to select the right ones and implement them correctly.”
Cyber Hedge founder and CEO Ryan Dodd agrees, adding that the extensive outsourcing of IT-related services contributes to the complexity. “Outsourcing, often to a large number of providers, means that companies are now responsible not just for themselves, but also for the security of their third-party providers,” he says.
A market ready to invest
To alleviate these difficulties, Hacknowledge has developed a security operations centre (SOC) that constantly monitors clients’ networks. Immediate alerts are issued when threats are detected and confirmed, together with expert advice on how to remediate the attack. “Our strength is to be vendor independent, which makes our SOC affordable to companies of any size and sector,” says Mr Such.
The Luxembourg market is aware of the growing security and monitoring needs and is ready to invest.
Originally set up in Switzerland, his company now also has an office in Luxembourg located at the Luxembourg House of Financial Technology (LHoFT). “The Luxembourg market is aware of the growing security and monitoring needs and is ready to invest,” Mr Such points out. “Due to its small size, the market is very intense and concentrated and proximity is key. This is why we did not hesitate to replicate our Swiss model locally in Luxembourg.”
Attacking the attackers
ODIX has brought malware prevention tools based on Israeli cyber defence skills to Luxembourg. “As I and several of the other speakers at ‘Meet the Cyber Future’ pointed out, new malware, viruses and attacks constantly appear which current tools cannot protect you against,” says CEO Dr Oren Eytan. “Instead of only being responsive to detected attacks, we need a new, proactive approach to clean files and neutralise malware. We have to be at least one step ahead of the hackers.” ODIX has developed a unique cybersecurity solution called CDR – Content Disarm & Reconstruction. The system processes all incoming files, disarms all malware and reconstructs them again. This very innovative technology is the next generation of file protection.
Calculating cyber risks
Cyber Hedge also has offices in several locations: New York, Washington, London and Luxembourg. “Luxembourg has resources and a sincere desire to make progress. I think this is because the government acts and doesn’t just talk about these issues, which is very rare at the country level,” says Mr Dodd. He calls for replacing the current focus on cyber threats with a broader view on solutions that help fortify the assets as risk. This is especially important for Luxembourg which, despite its small size, is the second largest fund administration centre in the world.
All other risks are discussed in financial terms, but cyber risks are still discussed in technical terms.
Another big problem, according to Mr Dodd, is that although companies are increasingly aware that cyber risk is an important issue, they are not able to manage it at the level of board and senior management in the same way they do with other risks. “The main reason is that all other risks are discussed in financial terms, but cyber risks are still discussed in technical terms. The topic has no business context or meaning to a CFO or a board member.” The company of this former hedge fund manager is one of the few that can instantly provide accurate cyber value risk estimates, expressed in financial terms and backed with verifiable market data. Cyber Hedge can also offer benchmarks that allow firms to compare their performance with that of their peers.
Insuring against cyber attacks
With the increasing awareness of cyber risks comes a growing demand for cyber insurance. For the insurance industry, this is an atypical kind of risk. It is more challenging and complex to deal with than natural disasters, for example, and requires a different approach. “Cyber risk has been identified as a main problem of the 21st century, but the insurance industry is still using tools or methodologies from the last century,” says Thierry Murté, CEO and co-founder of CyQuant. His company has developed an innovative platform that allows the insurance market to estimate cyber risk in monetary terms, manage risk accumulation at portfolio level and decrease risk exposure via CyQuant’s risk mitigation system.
Cyber risk has been identified as a main problem of the 21st century, but the insurance industry is still using tools or methodologies from the last century.
The originally Swiss start-up considers Luxembourg as a place to be. “The country is a reference in the world of finance, which reinforces the interest for cybersecurity start-ups to be present and active here,” Mr Murté points out. The CEO of ODIX, which came to Luxembourg when the European Investment Bank bought its technology, agrees. “A high number of financial institutions, banks, insurance companies and so on are concentrated here in a small area,” says Dr Eytan. “Luxembourg is really a good starting point for us.”