Keeping an organisation’s most valuable assets secure over an array of networks and connections is a collaborative and complex process, involving and impacting on all aspects of the business. In addition, despite increasingly strong security measures, breaches still take place on a daily basis, with even the most ‘bullet proof’ organisations falling victim to attacks.
“Think of Target, Sony, Google or Ashley Madison,” says Sarel Lamprecht, MD of cyber insurance policy Phishield. “These breaches clearly illustrate that even companies with massive security budgets cannot adequately defend themselves against today’s modern threats.”
He says this is where cyber insurance comes in. “Businesses who have cyber insurance in place will benefit from peace of mind. The true cost of an attack is nearly impossible to measure. Over and above stolen monies or intellectual property, there are costs associated with loss of trust and reputation to factor in.”
According to Lamprecht, recovering from an attack in an expensive, resource heavy and incredibly disruptive process. “There are expenses associated with protection, mitigation and recovery. There are costs of factoring in more and more defences, and of navigating and complying with an increasingly complex and restrictive legal and regulatory requirements. Moreover, damage to brand, and the impact of loss of trust when looking at customer loyalty, operational dependability, even the ongoing viability of the business need to be taken into consideration.”
In an attempt to limit or at least lower the threats to their businesses, many businesses are pouring more and more resources into cyber security. He says alongside this, business practices and procedures are being updated to boost security, and teams of security professionals are being formed to respond and mitigate threats.
However, Lamprecht says businesses who want to limit their losses in the event of a breach are looking to cyber insurance. “The slew of high profile breaches we have seen in the past few years have forced businesses to rethink their approach to security. Massive fines and regulatory investigations were a wake-up call for organisations to start looking at new ways to protect their bottom lines.”
A major part of any good security plan these days must involve cyber insurance, he says. “Over and above a boost in defensive technologies and tools, companies need to accept that any effective security strategy needs input and participation from the entire business; it cannot merely be seen as something for the IT department to handle. Today, security is not just a technology issue, it is a risk management issue too.”
Today’s security landscape is challenging, he says. Modern threats are complex and sophisticated, and this, in conjunction with the increasingly interconnected world we live in with the Internet of things, means that cyber security must be considered at every level of the business, from the ground up, not merely slapped on as an afterthought.
The company’s most valuable assets must be protected, says Lamprecht. “It is vital that technology matches up to the risks faced by the business, and that security efforts are focused on crucial assets. However, there are no ‘silver bullets’ where security is concerned, and companies who have cyber insurance will have more peace of mind than those that don’t, and can focus efforts on operational resilience.”