At a glance.
- Wavenet acquires OGL.
- KKR acquires Barracuda Networks.
- Cyber war clauses coming to insurance policies.
Mergers and acquisitions.
United Kingdom-based telecommunications and technology provider Wavenet has acquired IT support, IT solutions, cloud computing and cyber security businesses from OGL Computer Support Holdings, also based in the UK. Note: the following correction was received on 8.25.22: OGL Software which provides ERP solutions will remain an independent business. Wavenet says this acquisition makes the company one of the largest UK providers of cybersecurity and unified communiucations. “It is an extremely exciting time for Wavenet with this acquisition, OGL IT and CyberGuard Technologies bring a wealth of knowledge and experience, enabling the Wavenet Group to strengthen its offerings and enhance the service provided to our customers,” said Bill Dawson, CEO of Wavenet.
Investment firm KKR, headquartered in New York, has completed their acquisition of cloud security provider Barracuda Networks, previously owned by investment firm Thoma Bravo. The acquisition was reported to be about $4 billion. Barracuda Networks currently serves about 200,000 customers.
Singapore Telecommunications (Singtel) may be selling its cybersecurity business Trustwave Holdings. The sale is estimated to be valued between $200 million and $300 million. Bloomberg reports that the “Considerations are preliminary and Singtel could still decide to retain the asset.”
Cybersecurity company GreyNoise Intelligence, based in Washington, D.C., has completed their acquisition of South Carolina-based software company Krit. Founder and CEO of GreyNoise, Andrew Morris, said, “With this acquisition, we are ensuring that we can continue to elevate our product design and make the user experience we deliver a competitive advantage. This investment will further empower our customers with the tools they need to understand and defend against emerging cyber threats.”
(ISC)² shared the results of a member poll, which revealed that cybersecurity professionals are aligned with the workforce, preferring remote work options over being required to be in-office full-time. It was found that 18% of poll respondents would look for a new job if they were told to return to the office, and 33% were unsure, with about half (49%) saying it wouldn’t make a difference. Some, however, prefer to work from the office, with social interaction being a driving factor for half of the respondents. Still, 35% of respondents said they preferred working from home full-time. It seems that the most important thing to cybersecurity professionals is choice – giving employees the option to be remote or in-office.
Cyber war clauses coming to cyber insurance policies.
Insurance Day reports that Lloyd's Marketing Association has mandated that all cyber insurance policies must, by March 31st of next year, contain an explicit clause "excluding liability for losses arising from state-backed cyber attacks." That clause would be in addition to the typical war clauses that have long excluded coverage of losses caused by action in a conventional war. The requirement for an explicit exclusion of liability for state cyber action seems to recognize the growing risk of gray zone conflict. Insurance Day quotes Lloyds as explaining, "It is important that Lloyd’s can have confidence that syndicates are managing their exposures to liabilities arising from war and state backed cyber-attacks. Robust wordings also provide the parties with clarity of cover, means that risks can be properly priced and reduces the risk of dispute. The ability of hostile actors to easily disseminate an attack, the ability for harmful code to spread, and the critical dependency that societies have on their IT infrastructure, including to operate physical assets, means that losses have the potential to greatly exceed what the insurance market is able to absorb.”
The Record by Recorded Future reports that co-founder and CEO of cyber insurance company Coalition, Joshua Motta, shared that the burden is on the insurer to prove the applicability of the exclusion, and that Lloyd’s “seeks to remove ambiguity in how the war exclusion will be applied,” which he says is “sound in principle, but it is not yet clear whether it will achieve its goal in practice.” While this attempt is to remove ambiguity, Security Week reports that attribution is still difficult, even with the four provided model clauses for underwriters to choose from. The “primary but not exclusive factor in determining attribution” is left to the victim’s security and intelligence agencies, but it expands on the rule, saying, “Pending attribution by the government… the insurer may rely upon an inference which is objectively reasonable as to attribution of the cyber operation to another state or those acting on its behalf. It is agreed that during this period no loss shall be paid.” The issue lies with defining what falls under ‘acting on [a nation-state’s] behalf.’ While not all threat actors are government sanctioned, many are still known to and tolerated by the government.