In this new blog we continue our interview with Patrick
Cruikshank on cyber risks. To read part 1 of the interview click here.
What can businesses do to plan ahead for cyber risks?
There are two main things I want to highlight:
First, we all must appreciate that the question is not who or why; it’s how or when. All businesses need to accept that they are vulnerable. The very nature of the connected world today makes us all vulnerable. Some businesses feel they aren’t a target because they are small and unknown. They may not be the direct target, but for a cybercriminal they could be used as a means to an end, making them an indirect target.
Many small or medium sized businesses have contracts with larger multinational companies, making them an important part of a larger supply chain. Cyber criminals will target those types of small businesses, who often have less sophisticated cyber security protection. It is a smart way to gain access to larger companies’ information or networks.
Secondly, we all need to understand and accept that data security is non-negotiable. This means that response planning or continuity planning is very important. No business would get caught without a fire evacuation plan because the consequences are huge. If you don’t plan right for fire, it could lead to the death of an employee. Similarly, if a company is breached, they need to have the same procedures in place, including how to get back to normal operations. If you don’t have a plan, if you don’t have data backups, the consequences are just as dire.
Is cyber risk insurance necessary if you have a robust security software system?
Companies like Apple, Home Depot, Walmart, Target and other large multinational corporations have experienced huge breaches. These companies spend hundreds of millions of dollars on cyber security. Even the most expensive and robust systems can be outdated or have vulnerabilities. Cyber Risk Insurance, like many insurance products is about risk transfer. The very nature of insurance will not stop an accident from happening, but like a car airbag, it may provide enough for a business to survive an incident.
Cyber security threats are inevitable, whether it’s from a malicious attack, from an exposed third party, or a simple human error. Insurance can’t prevent these attacks, but it can help keep your business running.
What are some of the key features of Cyber Risk Insurance?
One of the most important coverages people overlook when speaking about cyber insurance is business interruption. Every business today is reliant on computers in some form or another. Businesses will usually have to stop operations when remediating a cyber-security incident. In such an instance business interruption coverage provides for the loss of business income that a business suffers resulting from the inability to use digital assets that have been stolen, encrypted or corrupted.
To stay up to date on the latest on risk management, cyber threats, and insurance, follow us on twitter!