Probably one of the most talked about cyber attacks in recent times was Sony’s. And while the Hollywood hack made headlines around the world (and reportedly cost Sony $170 million to deal with,) every day, businesses are quietly dealing with cyber attacks, and it’s costing them $400 billion each year.
Many corporations are beginning to see why cyber security is a board-level issue, and they’re working to vastly improve systems. In fact, some estimate the spending on cyber security will grow from about $75 billion in 2015 to $170 billion by 2020.
This will no doubt play an important role in proactively defending against breaches and attacks, but it’s nearly impossible to detect or block every threat.
That’s why the first step in protection is to understand the potential damages and liabilities that a cyber event could impose on your company. This will help ensure you have adequate insurance coverage in place to protect your balance sheet.
But cyber security cannot and should not stop at insurance.
Insurers want to know you have processes in place to manage the risk consistently and long term. For this, you need expert help to assess your current situation, to implement programs to protect the company, and create a response plan in the event you’re under attack.
Assess Your Current Situation
Did you know it takes an average of 158 and 256 days before a business discovers a data breach or cyber attack? This, according to Ponemon Institute and IBM. Even large, sophisticated companies can have cyber events go unnoticed for a long time – like Sony, which reportedly went on for a year before anyone noticed.
A cyber assessment is a crucial part of your overall risk management. In fact, one of the first things a cyber assessment does is examine if your company has already been attacked. The second step is finding out how deep attackers can get if they tried.
Based on the results of the assessment, a thorough cyber security plan will outline exactly how to remedy any weaknesses you have in your systems, and even how to implement cyber security company-wide through education and policy.
Create a Response Plan
When a cyber attack or data breach does happen, you want to be prepared with a response that’s ready to be put into action immediately. Action plans cover everything from identifying the scope of the breach, stopping the attack and restoring operations to communications strategy, public relations and gearing up for potential litigation, in some cases.
Cyber insurance is a part of that response plan, and needs to be carefully negotiated to make sure it responds to what your company needs it to.
From assessments to placing the right type of cyber coverage, corporations are turning to the specialized expertise of their brokers to facilitate it all. Your broker is a key part of your risk management team, and should play an important role in making cyber attacks and data breaches less likely, and making sure that insurers respond well when they happen.
Once you demonstrate to insurers that cyber security is a priority, your risk profile will improve over time, and in turn, you’ll be able to enjoy more cost-effective cyber insurance coverage.