A recent article by smeweb.com (http://www.smeweb.com/2019/06/18/beware-cyber-attack/) states that more than half of British firms have been the victim of a cyber-attack in 2019. It is highly likely that insurance will only partly cover the cost of returning to business as usual, so how can insurance providers help their clients understand what it takes to ensure that appropriate measures are being taken towards achieving compliance?
Businesses of all sizes, in almost every location in the world and in every sector, rely on digital technology to perform even their most basic functions. However, whilst more and more businesses seek to maximise the opportunity that this “4th industrial revolution” brings, the threats to businesses are even greater and (through lack of awareness) even easier to carry out than in previous times.
Add the level of accountability that sits at the top of the organisation into the mix, and we can quickly see that this is a defining time for organisations. Ultimately, those that do not adapt to these seismic changes will soon give way to organisations that have appropriate measures in place to defend their business when the situation arises.
A common misconception is that cyber insurance will cover an organisation against data breaches or cyber attacks. What providers often leave in the small print for organisations to find out for themselves is that the organisation must already have appropriate measures in place before a payout will be considered.
The question is: who is providing the relevant checks and balances to those who underwrite such policies, to help identify the risks and vulnerabilities that they should be checking with their customers before offering the policies? What intelligence can be drawn from previous incidents (not just at the organisation but also at those linked to the business, such as suppliers, vendors and business partners) to ensure that the right questions are being asked prior to a decision on a policy (and an adequate excess fee/cover)?
The recent introduction of regulations and legislation, particularly around data protection, means that cyber security is establishing itself firmly at the top of the agenda in most boardrooms. This isn’t a surprise when you consider the amount of information being collected, processed and stored by organisations (as well as their supply chains) across many internet entry points and on a range of inter-connected devices (not just mobile phones and laptops but also smart meters, doorbells, speakers, vehicles, televisions and games consoles, to name but a few), and the fact that the new regulations, legislation and industry compliance frameworks hold those at the top of the organisation ultimately accountable for non-compliance. Terms like “spear-phishing”, “SMiShing”, “vishing”, “malware” and “ransomware” are now established and are discussed more frequently than they were 10 (possibly even 5) years ago.
It is more important now than at any time before not only to understand the cyber security strategy of an organisation, but also to ensure that insurance providers are offering business solutions and guidance that help businesses understand how they can protect themselves from such threats, which can only benefit providers and policyholders alike.
For more information and guidance on compliance controls and an assessment of your business, contact firstname.lastname@example.org today.