Cyber threats is on everyone’s mind – the government, large corporations, and mid- to small-sized businesses across many industries – and rightly so. Last year was the worst year for cyber threats so far, with 740 million data files potentially viewed or stolen worldwide, according to a report, “Records Exposed Hit New High in 2013, Data Breach Today.”
What can companies to do to lower their exposure to cyber threats? Simply put, they need to raise their game, as cybercriminals keep shifting their tactics and becoming evermore sophisticated in penetrating an organization’s perimeters for data, intellectual property, and business-sensitive information for financial gain. The resounding consensus is that no longer can organizations have a false of security because they’ve already made significant investments in security tools and processes. Firewalls, antivirus protections and systems for detecting and preventing intrusions are increasingly less effective as attackers use encryption and other innovative techniques to evade them.
Getting Ahead of the Game
As organizations increasingly recognize the new reality of cyber crime, they are beginning to apply intelligence and advanced techniques to identify threats before attacks occur – and proactively responding. Following are several recommendations you can share with your insureds based on a report produced by Deloitte, the audit, financial advisory, tax and consulting company:
Identify the most valuable targets. Understand the market value of stolen intellectual property and confidential data in your industry and, specifically, for your organization. Tap into external intelligence to understand the broader threat landscape. Then look inward and determine which assets face the highest risk for an attack—either because of high potential for monetization if stolen, or critical business impact if breached.
Assess your current cyber threat program. This will help you identify strengths and gaps. Be sure part of this program includes Cyber Liability insurance, which will respond in the event of a breach.
Develop a road map to enhance your defense architecture. Your plan should be prioritized based on perceived risk of high-value business assets. Update your threat assessment process to focus on critical business risks to the organization and then model how those business risks may be affected by specific cyber threats. Too often, organizations design their defenses to respond to the general security threats, not the threats that could have a material impact on their own business.
Get the most from existing capabilities. Look to leverage the benefits of the technologies and processes already in place before creating or implementing new ones. Organizations usually find that they can enhance their benefits from existing capabilities and tools. These include endpoint protection, vulnerability assessment and patch management, content monitoring, data loss protection, intrusion prevention and core network services. Determine which elements of the threat defense architecture are in place today or could be developed with adjustments and integration, versus which elements require new technology and processes.
Businesses, board of directors, and technology leaders need to engage in ongoing discussions about what the business values most, how the company drives competitive advantage and which information and other digital assets are the most sensitive to effectively address cyber threats. Brand, customer trust and strategic positioning are at risk from these threats.
At IPOA, we can help you secure Cyber Liability, Data Breach insurance coverage for your clients. We have a specific program for hotels under our HotelPro program through an exclusive arrangement with Beazley. Included in the coverage is breach notification and credit monitoring services with separate coverage limits for third party claims; breach response coverage for forensic and legal assistance, and notification costs; bureau credit monitoring services; and crisis management sublimit for public relations; a separate limit of liability for privacy, network security and media claims; and more. Please give us call for more information at 877-653-IPOA (4762).