There are two types of companies: Those that have been hacked, and those that will be. And extending that thought further: Those that have been hacked, and will be again. With more and more companies going digital, the risk of a cyber attack increases. Every system upgrade, remote device, and incoming email exposes a company. With the average cost per cyber attack in 2013 at $5.4 million, companies can’t afford to leave themselves unprotected.
Building a Robust Defense: Preventative Measures and Employee Education
There are several preventative measures companies can take to protect themselves from cyber-attacks. Having a plan in place to combat these attacks is the first key. A digital security assessment will give the complete picture of an organization’s security posture that focuses on policy, controls, procedures, and effectiveness of the plan implementation. Once an assessment is done and a plan is in place, continuous testing and improvements are necessary.
One of the biggest exposures to cyber attacks is a company’s own employees. Making sure employees are educated and know what to look for when an attack may be happening is crucial. This includes suspicious emails and requests for information. If a company’s employees know what to watch for, this will decrease the chances of a successful cyber attack.
Other than the human element, companies should also look into other attack areas. Some of these areas include providing IT with information on security measures and software updates limiting employee access to sensitive information, recognizing the risks of employees’ personal devices for company data, and limiting the number of third-party vendors that have access to company information.
Data backups of company information are important and developing a secure culture within an organization is a good plan to have in place. However, a company can take all of the steps possible and still have a data breach and lose all company information. What protects them when the preventative measures don’t? Cyber Liability Insurance.
Cyber Liability Insurance: The Ultimate Safeguard for Businesses
Cyber Liability Insurance protects a business when all preventative measures have been taken and a cyber attacker still gets through. The cyber risk can then be transferred to an insurance policy. There are three basic elements to a good cyber insurance program: legal liability, business interruption, and coverage for breach notification costs. The legal liability component will protect the insured from lawsuits that arise out of a data breach.
Business Interruption Coverage will replace lost revenue from downtime while a breach is being looked into, which could take months to complete. Breach of notification costs is the cost to notify the public that a breach has happened. While a cyber liability policy can be tailored to each company’s needs, a cyber liability policy must encompass all three elements to provide adequate coverage to the insured.
With an average of 10% of companies buying cyber liability insurance, and nearly 90% of businesses having a cyber attack within the last 12 months, it is obvious cyber liability insurance is an important coverage to purchase. Not only are there substantial financial costs associated with a cyber attack, but a company can also suffer considerable damage to its reputation. Cyber Liability Insurance is the perfect way to remedy those damages.
References
Findings from the Chubb 2013 Private Company Risk Survey
The Risk Report, Cyber and Privacy Insurance Coverage, Volume XXXVII No 11, July 2015
The Risk Report, Plan to Protect Digital Assets, Volume XXXVIII No. 2 October 2015