Request A Consultation

The Cybersecurity Industry is Under Scrutiny Yet Again

Jerald Dawkins, PhD, Chief Technology Officer at CISO Global 

In the weeks following the CrowdStrike global tech outage, cyber companies and their end-users alike are evaluating their incident response plans. It likely won’t be long until we see changes in cyber insurance eligibility requirements too…

Unfortunately, the cybersecurity industry has been in the crosshairs once again due to the global Microsoft outage caused by CrowdStrike’s disastrous software update on July 19th. Coincidentally, just five days following the CrowdStrike issue, the US District Court for the Southern District of New York dismissed a case involving another notable cybersecurity company, SolarWinds. In this case, the judge determined that SolarWinds had no obligation to disclose individual cyber incidents and that they had not advertised an ability to prevent all cyber incidents in their network. As a result, the case was thrown out. 

While the CrowdStrike incident was more self-inflicted and technically not a malicious cyber-attack, it is still considered a denial-of-service event that had a significant impact on its clients on a global scale. This reminds me of another notable self-inflicted failure: the Colonial Pipeline incident. Although it involved an actual ransomware attack, the denial of service to the physical oil pumping systems was self-inflicted due to the team’s cybersecurity response – or lack thereof. 

Change on the horizon for the cyber insurance industry?

This latest incident has undoubtedly led many to review their business interruption, contingency plans, and cyber insurance policies. What will be interesting is whether there will be any limitations in coverage. I’m sure many will begin to have coverage exclusions that include “failures caused by non-malicious acts, including human error.”

I am interested to see the impact on the cyber insurance industry. There are already rumblings of legislation regarding redundancy and many conversations around single points of failure. While it’s essential to evaluate these issues from different perspectives and explore ways to increase our cyber resiliency, I don’t think this will be the last incident of its kind. We need to work harder and more diligently to prevent these types of incidents. Even more importantly, we need to be more prepared in our response when outages of this nature ultimately occur.

The shift from security to resiliency

To my colleagues in the cybersecurity industry: do better. This one is seemingly pretty simple: implement a sound SDLC process—we need to practice what we preach. To our clients: we need to shift our mindset from cybersecurity to cyber resiliency. I’ve always said cybersecurity is a team sport; in other words, it requires layers, not just a technology stack. Vendors are always going to try and sell you the next tech to solve “all” your cyber security problems (this is a huge red flag when shopping for cyber services, by the way). The reality is we must take a layered security approach that includes testing and validation (i.e. risk assessment and pen testing), technology (i.e. CHECKLIGHT® endpoint protection), operations (e.g. Secure Managed Services), and insurance should all of the above fail.

While these incidents highlight significant challenges in the cybersecurity landscape, they also present opportunities for growth and improvement. By learning from these failures, both industry professionals and clients can work towards a more resilient and secure digital future.


Jerald Dawkins, PhD

About the Author

Jerald Dawkins is the Chief Technology Officer (CTO) for CISO Global and has founded and exited several cybersecurity companies, including True Digital Security and TokenEx, LLC, both based in Oklahoma. (True Digital Security was acquired by CISO Global in January 2022.) He currently holds three (3) patents in the cybersecurity field. Additionally, Jerry has secured millions of dollars in over twenty-five (25) federal and industry research grants for cybersecurity research, in addition to having served as a cybersecurity advisor for Department of Homeland Security Inter-Agency Board supporting the First Responder community. As a tireless advocate for technological and skills development, Jerry has also held numerous board positions supporting STEM education and actively advises the technology innovation community in Tulsa, Oklahoma.

Jerry’s elite combination of security and technology expertise, business acumen, and creativity has positioned him as a thought leader in the field of information security and cyber resilience. 

He received his Bachelor of Arts degree in Computer Science from Fort Lewis College in Durango, Colorado, and his Master of Science degree from The University of Tulsa. His PhD dissertation, also from The University of Tulsa, focused on heuristics for scalable compound exposure analysis.