Clearview National April 2019 - Issue 209 - Page 28

PROUD SPONSOR OF THE CYBER SECURITY FEATURE CYBERSECURITY Worried about the financial impact of data breaches? You should be Despite the rising cost of data breaches most organisations are unprepared to deal with the financial and reputational repercussions. The current cyber landscape is chaotic including state-sponsored hackers, financially motivated cybercrime gangs and simple negligent data loss. Risk is everywhere and liabilities are high. Cyber threat remains one of the most significant and growing risks facing organisations today and too few are prepared. » » INTERESTINGLY, LOCATIONS that experienced the most expensive data breaches include the US and the UK, where notification costs are nearly five times the global average. It is clear the problem isn’t going away. Although cyber security most often makes it into the headlines because of large breaches, the most frequent threat is actually to SMEs. Becoming more resilient to cyber risks in an age of digital disruption means understanding the full scope of cyber governance responsibilities. Here are five reasons why every business, regardless of size or ownership, needs cyber insurance: 1. Cyber-crime is growing exponentially – an overwhelming majority of businesses are reliant on online services, which exposes them to cyber security risks. The 2018 Cyber Security Breaches Survey, conducted on behalf of the UK Government, revealed that 43% of UK organisations surveyed had experienced a cyber security breach or attack in the last 12 months. With highly sophisticated attacks now commonplace, businesses need to assume that they will be breached at some point and have coverage to mitigate the risk. 2. Data breaches are costly – as mentioned before, in Ponemon Institute’s 2018 Cost of Data Breach Study, the average cost of a stolen or lost record is $148, while the overall cost of a data breach is nearly $4 million. This is irrespective of the fines and sanctions under the new General Data Protection Regulation (GDPR) within the EU and California’s Consumer Protection Act, which comes into effect on 1st January 2020 and will surely add to those costs. However, the real expense of an attack against an organisation is not just the financial damage suffered or the cost of remediation, a data breach can also inflict untold reputational damage. Suffering a cyber- attack can cause customers to lose trust and 28 » A PR 2019 » CL EARVI E W- UK . C O M ‘Becoming more resilient to cyber risks in an age of digital disruption means understanding the full scope of cyber governance responsibilities’ spend their money elsewhere. Additionally, having a Page 2 reputation for poor security can also lead to a failure to win new business or government contracts. 3. Organisations can be held legally and financially liable if third party data is compromised in a breach – emerging regulation as announced by the US Department of Defence (DoD) and the EU’s GDPR, places the responsibility on organisations to only appoint third parties who can provide sufficient guarantees that the requirements of NIST 800-171 and GDPR will be met. Both the DoD and the UK’s Information Commissioner’s Office (ICO) will hold liable, and may, fine any organisation that has not carried out due diligence to ensure third parties are compliant. Regulatory fines have become synonymous with data breaches and the fact that cyber risks are now global, makes complying with various regulatory responses across different geographies all the more challenging. 4. Standard insurance policies do not cover cyber risk - cyber insurance is specifically designed to cover the unique exposure of data privacy and security and can act as a backstop to protect a business from the financial and reputational harm resulting from a breach. While some categories of losses might be covered under standard policies, many significant gaps often exist, and cyber events can impact numerous lines of insurance coverage. 5. Improved cyber awareness and risk management – insurance is just one piece of the puzzle. Given that the single greatest cyber risk is social engineering; employees voluntarily but unknowingly allowing an attack to occur, it’s critical that organisations get the basics right, such as putting every employee through training on how to avoid and recognize cyber threats. Organisations need a comprehensive risk management plan that details how the company will respond in the face of a cyber- attack, that includes unknown threats. Given the complexities and ever-changing threats it is important to be proactive as possible. Cyber Essentials is a UK government- backed and industry supported scheme that guides organisations on how to protect themselves against the most common cyber threats. Undertaking a certification route will help organisations, especially SMEs which may not have a dedicated cyber security specialist, to coordinate all security practices in one place, consistently and cost-effectively. www.cysure.net