BreachExchange mailing list archives
Cyber insurance: Can it save your business?
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Tue, 19 Sep 2017 18:48:47 -0500
http://www.idgconnect.com/blog-abstract/27961/cyber-insurance-can-save-business Take all the time you want preparing for a cyberattack. Go right ahead and spend money on IT security experts. By all means educate staff about the dangers of cybercrime. Absolutely do run stress tests and build cyber crisis-management plans. After all, fail to prepare = prepare to fail, right? Well yes. But are you sure that’s enough? Is any business safe these days, really? Even a cursory glance at the news says possibly not. Just how big do organisations have to be before they’re immune? *WPP <http://www.independent.co.uk/life-style/gadgets-and-tech/news/wpp-hack-ukraine-cyber-attack-wannacry-petya-security-a7810756.html>* big? *TalkTalk <http://www.bbc.co.uk/news/business-37565367>* big? *NHS <https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20>* big? Apparently not. The uncomfortable truth is every organisation – regardless of size, type, location and industry – is a target for unscrupulous cyber criminals. Accept that and you’re halfway there It’s all very well moving heaven and earth trying to stay safe, but the increasing frequency of successful attacks on seemingly impenetrable defences (ironically, even *the UK government’s Cyber Essentials website has fallen victim*) tells us that might never be enough. What if your antivirus misses an update? What if an absent-minded employee clicks a link in that convincing-but-fake phishing email? There’s an element to successfully overcoming cybercrime that no one’s talking about. And it’s not what to do *before* an attack. It’s what you have to do *after*. You can spend time and money pulling up the drawbridge but, if that’s not enough, you’ll need to spend much more of both these things getting back on your feet. Again, a quick look at the news tells you all you need to know about the damaging, debilitating, inconvenient, distressing and business-crippling effects of cybercrime. So you need to prepare for that too. Six ways cyber insurance helps Problem is, that’s a whole new set of unknowns. You’ll have questions about how long it takes to recover, how much help you’ll need, where to go for that help, how much everything costs, what happens to your business in the meantime, what the consequences are for your clients ... and so on. These are all questions cyber insurance answers. Here’s how: Finding out what’s wrong Identifying the problem and working out what has to happen next are essential first steps to post-attack recovery. You’ll need expensive, specialist IT help to do this but that’s OK because your cyber insurance pays the bill. Dealing with the bad guys Ransomware seems to be many cyber criminals’ weapon of choice. Even though there are ways round it, and cyber security experts’ advice is almost always ‘don’t pay up’, you can’t sit back and do nothing. Thankfully your cyber insurance brings in a consultant to manage the situation and, if there’s really no other option, pays the ransom too. Fixing what’s broken Hardware, software, websites and almost anything IT-related is expensive. Cyber insurance pays to repair, restore or replace systems, data and websites damaged by a hack. Meeting your legal obligations You’ll need to report a data breach to the *ICO <https://ico.org.uk/>*. You’ll also need to tell your customers and suppliers, and fend off the likely (or inevitable) confidentiality claims against you. All these things need a solicitor’s touch – your policy provides and pays for this essential expertise. Keeping your business going The longer you’re digitally hamstrung, the more it’ll cost you. If business as usual isn’t possible, cyber insurance covers the income gap between what you should earn and what you actually do. Protecting your reputation No such thing as bad publicity? Easy to say when it’s not your company name in the headlines. Cyber insurance pays for a PR specialist to placate irate customers and keep your good name intact. All in all, pretty useful stuff. But before you rush out and buy the first cyber insurance policy you see, a word of warning. Not all cyber insurance is the same. Different policies can cover different things and it pays to do a little homework. If you’re not sure what to look out for, ask a specialist broker to de-code the policy wordings and tell you what’s what. You don’t want to end up with something that won’t actually help when you need it.
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Cyber insurance: Can it save your business? Inga Goddijn (Sep 20)