Cyber Risk / Cyber Insurance – Fact check
1. Uptake of cyber insurance is growing but only slowly
2. In terms of frequency, the main risks remain ransomware and business email compromise
3. Businesses assume they are not really a target for ransomware
Belief: Ransomware attacks are only perpetrated by organised crime groups, against major targets.
Reality: Any industry sector could be a target.
Ransomware is generally aimed at any business where a weakness offers the criminals an opportunity for financial gain.
4. Remote working – Business resilience
“Remote working is here to stay, yet only 40% of organisations report having adequate remote work strategies to manage this risk. Ransomware poses a business interruption and balance sheet risk, but only 31% of organisations report having adequate business resilience measures in place”
Security was secondary for many businesses, initially because they had to move quickly. That has improved as we have been doing it for a year now, but there is no doubt the whole work-from-home switch has blown a hole in the protections many firms had in place.
One of the dangers of security awareness is that it seems so vast and difficult to understand, but if you take care of the basics then you are making big steps towards being protected. Just don’t get overwhelmed. You can read about some of the very sophisticated digital threats, but you don’t need to turn yourself into an expert. It is about taking care of the basics.
“If you have good basic cyber hygiene then you stop 90% of the problems”
6. Cyber risk management
A multi-layered approach to cyber protection is highly recommended. A combination of barriers to cyber-crime is far more effective than any one part on its own, however strong and up to date.
- Use of firewalls and anti-virus to stop intrusions.
- Detection software to alert the business to any infiltrations.
- Password complexity and management to keep that form of authentication strong, plus a further randomly generated code to form multi-factor authentication, making access as difficult as possible for criminals.
- Restricting user privileges, so staff can only access what they need to perform their duties.
- Stopping the use of users’ own equipment and blocking the use of removable media, to stop vulnerabilities being introduced.
- Email encryption and use of a virtual private network will also help secure data and message traffic in and out of a business.
7. Importance of staff training
As technology evolves, so too will the cyber exposures we all face. Staff training on what to be aware of, what to look for, what’s good and what’s bad, should be the cornerstone for a business’ cyber protections.
90% of all breaches happen because someone clicked on a malicious link or visited a website they shouldn’t have. It is something that can easily be avoided if adequate training is given.
8. Is cyber a fast-moving field?
Yes, the moment you fill in the proposal form it is almost immediately out-of-date, so you need to have a continuous conversation.
9. Why are definitions across the market inconsistent?
Definitions are evolving alongside the risks, but that is hardly surprising.
It took 400 years for property cover and its definitions to evolve. Cyber insurance has been around for only 18 years, and much less in India, so it is still evolving.
Adapted from Insurance Hound