In the early days of the industry, we talked about information security: protecting information so as to minimize the impact of unnecessary disclosure, unauthorized modification or unplanned downtime. It covers every information taxonomy under the sun.
Then, suddenly, cybersecurity came onto the scene, and adding "cyber" as a prefix became a fashion. Vendors are trying to convince customers that their products or services address market needs with hi-tech.
To me, cybersecurity is a subset of information security. At the very least, the hardcopy information container is excluded from the cyber perspective, though hardcopy is becoming less common and its usage is diminishing.
There are many cyber things: cyber workforce, cyber maintenance, cyber hygiene, cyber insurance, cyber warfare, cyber defense, cyber range, etc.
Take cyber insurance as an illustration. It has become a focus area in the industry, and relevant standards are being developed so that work practices are consistent.
However, cyber insurance isn't bulletproof. If your infrastructure has weaknesses, repeated cyber attacks are possible. The sole value of cyber insurance is to demonstrate an organization's due diligence, and to indemnify the 1st-party costs (containment, recovery, investigation expense by the insurer) and any 3rd-party claims arising from the cyber attack.
The ultimate resolution is to learn from the cyber incident and address what went wrong, so as to strengthen the underlying infrastructure and systems.