This article offers different reasons about the importance of having insurance against cyber risks.
by Genetec
Cyber threats are becoming the number one business risk for organizations of all sizes. From system hacks and DdoS attacks, to ransomware, news about cyberattacks is constant. While it is true that there are fewer reports of attacks like the one yahoo suffered in 2017, where the personal information of 3 billion users was exposed, this is not a reason to let your guard down. According to McAfee, a firm specializing in computer security, the economic impact of this illicit activity in Mexico is three billion dollars a year.
In this way, we need to be very clear about what we mean when we talk about cyber risks. According to the consultancy Deloitte, they are those crimes that involve fraud, the theft of information and money through digital access. In most cases, its consequences are:
Interruption of services.
Corruption or destruction of data.
Extortion activities where they request money, access or corporate secrets from victims.
Damage to the reputation of the company.
Privacy risks for customers and employees of the company.
This is why governments are stepping in to update policies and standards that hold more organizations accountable. For example, the European Union's (EU) General Data Protection Regulation (GDPR), which came into effect in 2018, requires companies to adhere to specific standards of governance and accountability in the processing and protection of data related to EU citizens. This new legislation also stipulates that, in case of non-compliance, companies must inform the supervisory authority within 72 hours. Failure to comply with these regulations could result in fines of up to $20 million or 4% of the company's global annual turnover.
While organizations have been busy trying to understand the impact of these new requirements and putting in place the necessary steps to meet them, few are certain of being protected from loss in the event of attacks, data breaches, or unintentional breaches.
What is cyber risk insurance?
Insurance policies are nothing new to most organizations. However, as risks evolve into cyberspace, so do policies. Today, there are more than 100 insurance companies around the world that offer cyber risk insurance that helps absorb customers' risks when an attack occurs. Hart Brown, a cybersecurity expert at Firestorm Solutions, a crisis and risk management firm, estimates the global market value for written cyber risk policies to be around $2.5 billion. Insurance providers like Allianz predict this figure could reach $20 billion by 2025.
"Cyber risk or cyber liability insurance helps mitigate risk and uncertainty. In the event of a cyberattack, insurance will give companies peace of mind and ensure they can access funds to manage a response and keep the business running," shares Philippe Verrier, a cybersecurity expert at Genetec.
For security system integrators, there is also an opportunity to improve their cybersecurity posture and display this insurance as proof so their customers know they follow strict cybersecurity protocols. This is because, in order to be eligible for the policy, the integrator must demonstrate that it complies with advanced cybersecurity standards and measures. Even when the policy is active, if the integrator makes an insurance claim, it will need to demonstrate that all cybersecurity best practices were implemented from the start of the project, otherwise insurance collection could be denied.
Taking responsibility for risk beyond insurance
Since cyber risk insurance is a new product, there are still many unknowns for insurers about how to properly assess and calculate risks. Typically, the cost of coverage involves completing a standard questionnaire about IT policies, the hierarchy of the organization, the size of the IT infrastructure, and the nature of the business. In many cases, insurance providers tend to overestimate the consequences and liabilities, keeping premiums high.
Still, businesses can't rely on this insurance to save themselves from unexpected cyber threats. Insurance only helps absorb costs in the event of an attack. In this way, it is necessary for companies to continue to maintain the highest cybersecurity standards that include the implementation of various levels of defense, such as encryption, authentication and authorization. It is also suggested to include the use of various tools to better protect data privacy and the proper installation of devices with strong passwords.
"Organizations should take the time to properly examine their suppliers and select partners who prioritize cybersecurity in their product development," said Philippe Verrier, who is also Business Development Manager at Genetec; "They should be aware of updates and patches to their systems, to make sure they are working with versions that have fixed known vulnerabilities. It is also important that they take a more active role in training their employees, demonstrating general guidelines that can help them avoid unnecessary risks."
Three Key Considerations When Buying Cyber Liability Insurance
1. Identify risks: Since cybersecurity can encompass many facets, so can liability insurance. Experts say there are up to 12 different types of coverage available. That's why it's critical to have a clear understanding of the cyber risks for which the organization needs protection. These can include a variety of computer and physical risks, ranging from data breaches to theft of corporate assets. When a company is specific about the potential vulnerabilities it needs to address, it is in a better position to find insurance that meets your organization's needs.
2. Know what the policy covers: Cyber risk insurance does not need to be independent. Existing insurance policies could be very complementary to these new cyber-policies. Some businesses may request a combination of these products to get adequate coverage. It's important to understand how each product could help them should they be held responsible for a data breach. Damages, resulting from cyber liability, can be difficult to quantify and understand. "Translating cyber risks into a financial model is a key step in ensuring adequate coverage," says Philippe. "It is advisable to seek guidance from a professional broker or expert in the field who understands both the business world and cybersecurity risks."
In Mexico, for example, there are insurance companies that have policies that cover defense and compensation expenses, which cover costs related to regulatory procedures and notifying customers or users of the responsibility generated by the handling and custody of personal, corporate and confidential information, as well as for non-compliance with privacy regulations or security failures in the network.
3. Know the claims process: As well as coverage, the claim process is an aspect to consider when purchasing cyber liability insurance. In general, businesses can expect to receive monetary compensation, which is helpful. However, each insurance provider has a process for verifying the authenticity of the claim and a response time to pay the funds.
If a data breach occurs, organizations need to know how quickly the fund will be available. Additionally, some insurance companies also provide access to services such as cyber investigators or public relations. While a business may be busy managing the response to a breach or attack, additional assistance during this process is a valuable benefit.
How do you know if you need cyber risk insurance?
"The presence of cybersecurity threats will increase as the Internet of Things (IoT) grows. That's why all organizations, including security system integrators, should seek cyber liability insurance, as the biggest benefit is peace of mind in the event of a breach or attack," Philippe said.
It is the sole responsibility of each organization or company to ensure that cybersecurity best practices are implemented in every project, from installation to maintenance. They must remain vigilant and have vendors that provide tools and assistance to quickly identify and mitigate risks and keep security systems free of potential vulnerabilities.
To craft a successful cybersecurity strategy, it's important to understand what you need to protect yourself against. "In physical security systems in IP networks, Genetec solutions are designed with several layers of security and employ advanced authentication and encryption technologies, this helps companies understand the threat actors and assess potential security risks, while mitigating risks and developing a defense strategy to achieve greater cyber resilience," concluded the expert.
Leave your comment