Cyber Planning for Uncertainty
2–24–2025 (Monday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, February 24, 2025 and if there’s one word that can sum up 2025 to this point it’s “uncertainty.” I want to spend a little time together today to translate what it might mean on your side of the desk.
Cyber Planning for Uncertainty
Regardless of your own political orientation, one thing is abundantly clear with the new Trump administration here in the United States, and that is the notion of “business as usual” has been thrown out the window.
Without debating the legality or even effectiveness of current efforts by Elon Musk and the DOGE team, or by the new leaders of Cabinet level or Military and Intelligence functions, we can all see that there’s a massive amount of uncertainty at every level.
In particular, I think there are a few things we should be mindful of as cybersecurity practitioners as we navigate this uncertainty to the best of our abilities.
First and foremost, we need to redouble our focus on the things we can control, and work hard to not get sucked into the spaces where we take on stress but can’t make a difference. I know this is easier said than done, but spending extra cycles in ways that add stress is the last thing we need to remain effective for our teams and our stakeholders.
Secondly, I think that we should adopt a bias towards action in these moments. We can’t lean on game theory concepts to lay out what might happen at the government level, or with our adversaries, or even with our allies, but rather need to make the moves that are best for us with the limited information that we have. Getting enough information to reduce uncertainty is going to come at an opportunity cost that is frankly too high to bear for most of us, and that cost will be largely hidden until it’s too late.
Third, I think we have to recognize that opportunists are going to exploit these windows. When we have cuts at CISA, changes at the FBI, and new leadership across the military, combined with raging questions about whether or not Federal civilian employees need to respond to an email from OPM by midnight tonight, threat actors are going to take advantage of these windows. Perhaps that means they’re only going to target government assets, but the reality of these attackers is that they’ll take anything they can get, so if your team isn’t already on high alert, I’d suggest turning that up just a touch.
Fourth, and finally, we often use the notion of “likelihood x impact” to calculate overall risk scoring as we work through all the things that we night need to account for from a cyber perspective. I think you’d be justified in turning that likelihood level up a notch, or even two, and should make sure that your senior leadership team has been giving the same amount of thought to these sort of contingency plans. It’s a fine line between preparing and catastrophizing, but I do think that the level of uncertainty we’re seeing here in the US and abroad is worth acknowledging and planning around because if there’s one thing that is certain, it’s that we’re going to be dealing with exaggerated levels of uncertainty for the foreseeable future.
Fundraising
From a fundraising perspective, we are back to more normal levels this week, checking in at just over $8.3B in newly committed capital, largely led by industry stalwarts Neuberger Berman, who closed on $1.6b for its third specialty finance fund and GTCR, who raised $3.6b for its second strategic growth fund.
Reporting on the Insight Partners cyber incident remains unclear, though TechCrunch is “suggesting data may have been accessed.” Given the type of companies that Insight has invested in, I’m sure there are plenty of people who would love to see their data. Perhaps we’ll learn more in the coming weeks, but I wouldn’t hold my breath.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.
Links
https://krebsonsecurity.com/2025/02/trump-2-0-brings-cuts-to-cyber-consumer-protections/
https://www.infosecurity-magazine.com/news-features/cybersecurity-challenges/
https://therecord.media/hegseth-cyber-command-2-0-review-authorities-wish-list
https://berthub.eu/articles/posts/you-can-no-longer-base-your-government-and-society-on-us-clouds/
https://techcrunch.com/2025/02/18/vc-giant-insight-partners-confirms-january-cyberattack/