[BreachExchange] Cyber insurance: Can it save your business?
Inga Goddijn
inga at riskbasedsecurity.com
Tue Sep 19 19:48:47 EDT 2017
http://www.idgconnect.com/blog-abstract/27961/cyber-insurance-can-save-business
Take all the time you want preparing for a cyberattack.
Go right ahead and spend money on IT security experts. By all means educate
staff about the dangers of cybercrime. Absolutely do run stress tests and
build cyber crisis-management plans.
After all, fail to prepare = prepare to fail, right?
Well yes. But are you sure that’s enough? Is any business safe these days,
really?
Even a cursory glance at the news says possibly not. Just how big do
organisations have to be before they’re immune? *WPP
<http://www.independent.co.uk/life-style/gadgets-and-tech/news/wpp-hack-ukraine-cyber-attack-wannacry-petya-security-a7810756.html>*
big? *TalkTalk <http://www.bbc.co.uk/news/business-37565367>* big? *NHS
<https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20>*
big?
Apparently not.
The uncomfortable truth is every organisation – regardless of size, type,
location and industry – is a target for unscrupulous cyber criminals.
Accept that and you’re halfway there
It’s all very well moving heaven and earth trying to stay safe, but the
increasing frequency of successful attacks on seemingly impenetrable
defences (ironically, even *the UK government’s Cyber Essentials website
has fallen victim*) tells us that might never be enough. What if your
antivirus misses an update? What if an absent-minded employee clicks a link
in that convincing-but-fake phishing email?
There’s an element to successfully overcoming cybercrime that no one’s
talking about. And it’s not what to do *before* an attack. It’s what you
have to do *after*.
You can spend time and money pulling up the drawbridge but, if that’s not
enough, you’ll need to spend much more of both these things getting back on
your feet. Again, a quick look at the news tells you all you need to know
about the damaging, debilitating, inconvenient, distressing and
business-crippling effects of cybercrime.
So you need to prepare for that too.
Six ways cyber insurance helps
Problem is, that’s a whole new set of unknowns. You’ll have questions about
how long it takes to recover, how much help you’ll need, where to go for
that help, how much everything costs, what happens to your business in the
meantime, what the consequences are for your clients ... and so on.
These are all questions cyber insurance answers.
Here’s how:
Finding out what’s wrong
Identifying the problem and working out what has to happen next are
essential first steps to post-attack recovery. You’ll need expensive,
specialist IT help to do this but that’s OK because your cyber insurance
pays the bill.
Dealing with the bad guys
Ransomware seems to be many cyber criminals’ weapon of choice. Even though
there are ways round it, and cyber security experts’ advice is almost
always ‘don’t pay up’, you can’t sit back and do nothing. Thankfully your
cyber insurance brings in a consultant to manage the situation and, if
there’s really no other option, pays the ransom too.
Fixing what’s broken
Hardware, software, websites and almost anything IT-related is expensive.
Cyber insurance pays to repair, restore or replace systems, data and
websites damaged by a hack.
Meeting your legal obligations
You’ll need to report a data breach to the *ICO <https://ico.org.uk/>*.
You’ll also need to tell your customers and suppliers, and fend off the
likely (or inevitable) confidentiality claims against you. All these things
need a solicitor’s touch – your policy provides and pays for this essential
expertise.
Keeping your business going
The longer you’re digitally hamstrung, the more it’ll cost you. If business
as usual isn’t possible, cyber insurance covers the income gap between what
you should earn and what you actually do.
Protecting your reputation
No such thing as bad publicity? Easy to say when it’s not your company name
in the headlines. Cyber insurance pays for a PR specialist to placate irate
customers and keep your good name intact.
All in all, pretty useful stuff. But before you rush out and buy the first
cyber insurance policy you see, a word of warning.
Not all cyber insurance is the same. Different policies can cover different
things and it pays to do a little homework. If you’re not sure what to look
out for, ask a specialist broker to de-code the policy wordings and tell
you what’s what.
You don’t want to end up with something that won’t actually help when you
need it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170919/1d5391e8/attachment.html>
More information about the BreachExchange
mailing list