The US Cybersecurity and Infrastructure Security Agency (CISA) is set to relaunch the Cybersecurity Insurance and Data Analysis Working Group (CIDAWG) in December [1] [2] [3]. This initiative aims to enhance security measures against ransomware attacks by researching the most effective security controls.


CIDAWG will collaborate with industry experts and Stanford University’s Empirical Security Research Group to analyze aggregated and anonymized loss data. The goal is to link this data with the effectiveness of security controls, providing valuable insights for insurers’ risk analysis. Additionally, this analysis will help CISA evaluate the impact of initiatives such as the Cyber Performance Goals and the Secure by Design initiative in reducing cyber risk exposure for organizations [2].


The relaunch of CIDAWG aligns with the government’s objective of improving baseline security and making a significant difference in the fight against cyber threats [1]. By focusing on researching effective security controls and analyzing loss data, this working group will contribute to mitigating ransomware losses and informing risk analysis for insurers. Furthermore, it will help CISA assess the impact of key initiatives on reducing cyber risk exposure. This renewed effort demonstrates a commitment to enhancing cybersecurity measures and protecting organizations from cyber threats in the future.