Target, Sony, Home Depot, Anthem, JP Morgan Chase, eBay, Yahoo and Equifax are all reputable brands that have endured security breaches impacting millions of customers around the world. As all the companies mentioned had cybersecurity in place at the time of breach, now is the time for all organizations to strengthen their strategies to mitigate risk. No company is immune from the threat of a security breach. Attempting to prevent breaches is no longer enough. To be resilient in today’s business climate, organizations must fine-tune their plans of action as they relate to cybersecurity. They must also insure against cybersecurity risks, leverage data analytics to reduce the frequency and severity of loss and examine all system integrations and parties, including employees, with access to their technology.
Insure against cybersecurity risks.
According to Insurance Journal, 50% of U.S. firms do not have cyber insurance. While cyber insurance is relatively new, it offers an innovative approach to protecting your organization against security risks. Whether in the public or private sector, it is critical that companies maintain a cyber insurance policy to cover all or portions of losses in the event of a breach. It is crucial to work with an insurer that clearly states what is covered in the policy and that adequate coverage is purchased to cover your business at a time of loss.
As an example, the breach of Target Corporation in 2013 resulted in a $300 million loss. Target’s cyber insurance policy covered $100 million with a $10 million deductible. While it is challenging to estimate the total coverage required, it is critical to work with an insurer that has the expertise to guide your organization on the right path. In the case of Target, an increase in coverage could have protected the company from additional liability in the breach of their systems.
Leverage predictive analytics to reduce the frequency and severity of loss.
It is critical that your organization leverages data analytics to gain real-time insights into security threats. When used in combination with traditional security information and event management (SIEM) software, companies can quickly detect threats and combat them head-on. Advanced analytical tools leverage algorithms to identify anomalies in patterns of behavior within systems that indicate suspicious activity requiring further investigation. One organization that has mastered the use of analytics for security is Rackspace. The cloud computing giant implemented security analytics to monitor suspicious behavior and reduced their incident response time from hours to minutes. Every company should leverage analytics to predict, monitor and address suspicious or malicious activity. Now is the time to assess opportunities to make your data analytics support your organization’s security strategy.
Examine all system integrations and parties with access to your technology.
Monitoring, preventing and insuring against cybersecurity risks are not inexpensive or easy to manage. Organizations need to examine all system integrations and those individuals with access to their technology to stay ahead of potential security nightmares.
From a systems standpoint, there are many options available for preventing security threats, including health and hygiene practices within technology infrastructures, two-factor authentication to verify users, data encryption, hardware security, anti-ransomware tools, security update patches and more. It is critical that your organization have the right mix of tools integrated with your systems to reduce the frequency and severity of loss. When considering preventative measures against threats, think not about the cost of initial investment, but consider the costs you could be mitigating if a breach were to occur. In the case of the recent Equifax breach, the organization’s systems lacked updated security patches, leading to a security incident that could exceed $1 billion.
In addition to updating security technology and system integrations, it is critical to evaluate which parties have access to your systems. Organizations need to ensure all individuals and companies with access to their systems are fully vetted and that external systems accessing their infrastructure are also secure. Every point of entry to your system should also be assessed to ensure optimal security.
As cybersecurity continues to grow in prevalence across the business community, it is important to remember that the investments made in mitigating risk are not to help if but rather when your organization encounters a breach. While it is safe to assume all organizations have a cybersecurity policy in some way, shape or form, the time is now to review your plans and ensure you are not only mitigating risk but are prepared if a breach does occur. To be successful, organizations must insure against cybersecurity risks, leverage data analytics to reduce the frequency and severity of loss and examine all system integrations and parties with access to their technology. While the risk for cybersecurity threats continues to rise, now is the time to embrace change and implement strategies at all levels of your organization to proactively mitigate risk before infractions occur. When indeed they do occur, you’ll also be much better prepared to react and minimize any negative impact.
The original article was published by Vik Renjen on the Forbes Finance Council. Stay tuned to the Sutherland blog for more on insurance and cybersecurity, and be sure to follow our social channels (Facebook, Twitter, LinkedIn) as well.