Cybersecurity Insurance and Data Analysis Working Group (CIDAWG) Relaunched to Tackle Rising Cyber Risks

Washington, D.C., USA – In response to the growing threat of cyber incidents and the subsequent financial losses experienced by critical infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) announced the relaunch of the Cybersecurity Insurance and Data Analysis Working Group (CIDAWG). The initiative was revealed during the Catastrophic Cyber Risk and a Potential Federal Insurance Response conference, organized by the Treasury Federal Insurance Office and the New York University Stern School of Business.

Unlike its predecessor established in 2014, the revamped CIDAWG aims to foster collaboration with industry partners to address shared concerns. Specifically, the focus will be on identifying effective security controls to defend against cyber incidents, providing organizations with insights to allocate resources efficiently. The government, in turn, can ensure that future investments have a substantial impact.

The modern digital landscape, while fostering global connectivity, introduces new points of failure in the form of potential cyber threats. Ransomware incidents, in particular, have surged, severely impacting business processes and resulting in substantial financial losses. To combat this crisis, CIDAWG will partner with Stanford’s Empirical Security Research Group to correlate data with cybersecurity controls, intending to gauge their effectiveness. The analysis will serve as a valuable resource for insurers in risk analysis and aid CISA in evaluating initiatives like the Cyber Performance Goals and the Secure by Design initiative.

CIDAWG forms a crucial component of CISA’s broader efforts to combat ransomware, complemented by tools such as the Joint Ransomware Task Force, Ransomware Vulnerability Warning Pilot, and the Pre-Ransomware Notification Initiative. The latter receives early-stage ransomware activity tips, enabling early notifications to prevent potential attacks.

Furthermore, CISA continues to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022, emphasizing the importance of reporting cyber incidents promptly. The collaborative approach outlined in the National Cybersecurity Strategy underscores the need for coordinated action across government, the private sector, and society to collectively drive down cyber risk and prevent future cyberattacks.

Deputy Director of CISA, Nitin Natarajan, expressed optimism about the relaunch of CIDAWG and its role in enhancing the threat landscape, preventing cyberattacks, and ultimately reducing cyber risk.