Monique Morrow

Chief Technology Strategist


Screen Shot 2018-05-21 at 11.25.52.png

October 2017

At which point will you start to think about cybersecurity?

This is a question posed for you as investors and leaders of developing companies. Industrial cyber-attacks are becoming global in nature, as 54% of sampled organizations have experienced at least one incident on their industrial control systems in the past 12 months. In today’s world, it has become critical that organizations put in place the necessary policies, procedures, and staff in order to manage these risks.


Take a deep look at incidents such as the “ShadowBrokers” hack in 2016, or most recently, the WannaCry ransomware attack this past May that affected more than 200,000 systems in 150 countries around the world.

As Galina Antova, co-founder and Chief Business Development officer at Claroty has said, “We are no better off today in terms of cybersecurity readiness than we were 10 years ago...The theoretical is becoming reality and, unfortunately, we aren’t prepared to counter the threat just over the horizon.”

When we realize how every aspect of our lives are connected to the Internet of Things, it becomes necessary to see just how many opportunities there are for cybercrime (think: cloud data, artificial intelligence, mobile malware…the list goes on.) In 2017, these attacks have become none other than the norm.


So when do you, as investors, start to prioritize cybersecurity mechanisms with your emerging CEOs? When does this new world we’re living in actually become a reality?

From government computers to railway tickets to gas and telecom firms, the attacks that have occurred globally are merely the tip of the iceberg.

The recent Swedish Data Leak is potentially the largest in the nation’s history—a legendary IT security slip up that exposed the name, photo, and home address of millions of Swedish citizens.

But, that’s neither the beginning nor the end. Take the recent data breach of the credit-reporting agency Equifax, which compromised the personal information—including Social Security numbers, birth dates, addresses, and more—of 143 million consumers. Just this month, parent company of Yahoo, Verizon,  announced that a 2013 Yahoo data breachaffected every single customer account that existed at the time. That’s three billion customers.

As the U.S. Securities and Exchange Commission states, “Cybersecurity is a responsibility of every market participant.”  

In June, the Journal of Petroleum Technology highlighted findings from another 2017 report which found that “the deployment of cyber security measures in the industry isn’t keeping pace with the growth of digitalization in oil and gas operations.”


In today’s age, these oil and gas organizations are in dire need of deep cybersecurity expertise, as well as a multidisciplinary team that includes stakeholders from IT, legal counsel, risk, privacy and business units.

So what about the rise of cyber-insurance? Yes, the market is continuing to experience strong growth. But cyber insurance, unfortunately, is not a proper safeguard against all attacks.

In may of 2018, Europe will implement the EU General Data Protection Regulation(GDPR), which will replace the Data Protection Directive 95/46/EC. The goal is to harmonize data privacy laws across Europe and to reshape the way organizations across the region approach data privacy. Although many key points are clear, there are many details of the regulation that have yet to be determined.

So what is emerging? A world in which cybercrime and extreme regulation of data privacy become the norm. A world in which machine learning is used to combat these cyberattacks. Machine learning and artificial intelligence can scale up to the challenge posed by attackers, but as data scientist Hyram Anderson puts it, “Machine learning is not a silver bullet. It has blind spots.”

At the end of the day, the question remains: what are YOU as an investor going to do for your company with regards to our global cybersecurity problem?

We can offer three solutions:

  1. Consider a cybersecurity portfolio
  2. Develop a vulnerability assessment score card at board level
  3. Invest in cybersecurity centers of excellence

We may not be able to win the battle against cybercrime just yet, but we can at least start.


  • International Association of Privacy Professionals, IAPP,
  • International Information System Security Certification Consortium,
  • EU GDPR,