Benedict McKenna of FM Global offers advice for risk managers trying to keep pace with the fastest evolving threat of our day
Cybercrime currently costs the UK an estimated £27 billion a year. What's more, it is one of the most rapidly evolving risks facing businesses today. According to a recent survey by Lieberman Software, 76% of organisations surveyed believe that cyber attacks are evolving too fast for their IT security personnel to keep pace.
Despite this, there is still plenty that organisations can do to reduce the threat, as well as mitigate the impact when an attack does occur. One thing is certain: a lack of preparation in managing cyber threats can have devastating consequences for a company's reputation, market share and bottom line.
So, what are the key steps to take?
Loss prevention
While predictions around the frequency and financial impact of data breaches make stark reading, it's possible for organisations to build cyber-resilience into their corporate culture. This starts with a thorough assessment of the risk and the development of a Corporate Data Security Policy. This should include:
Auditing your suppliers and partners
Cyber risk is also a supply chain issue for organisations today. No matter how well you've secured your own organisation against cyber threats, you could still be exposed to risk through your partners and suppliers. Let's say you're a manufacturer: what if one of your key suppliers is attacked, disrupting its ability to supply you and affecting your own operations as well?
BBC News recently reported that over half of UK businesses admitted to being the target of hackers last year, with a manufacturing company having a one in three chance of being attacked. With manufacturing companies increasingly relying on software to automate processes, manage partners and facilitate R&D, targeting of their supply chains by cybercriminals is becoming an increasing threat to businesses.
Supply chains therefore need to be audited, and backup suppliers and partners identified (preferably in separate supply chains from the primary suppliers), so that if one supply chain is compromised, alternative suppliers can step in and fill the gaps.
Have a plan in place to ensure a quick recovery after a cyber attack
Unfortunately, it is not possible to fully eliminate the risk of a cyber attack; hackers will continue to evolve new and sophisticated methods to get around even the tightest security. Therefore, a recovery plan needs to be in place to deal with the effects of a cyber attack.
The plan should cover areas such as:
A recovery plan can help to reduce the long-term reputational damage that businesses can suffer once the public becomes aware that they have suffered a significant cyber attack or data breach. The recovery plan will ensure that a business is resilient, and a resilient business will have a competitive advantage over its non-resilient competitors.
How can insurers help?
In a previous article in Airmic News [https://www.airmic.com/news/how-well-do-you-understand-your-cyber-cover], we talked about first and third party cyber covers as well as stand-alone cyber policies available in the market today. While there is a vast array of offerings out there, ultimately in the event of a data breach, companies want to be safe in the knowledge that their insurance cover is robust enough to respond.
It is therefore important that organisations continue to challenge their insurance carriers to offer the kind of cyber/data covers they need. And in the event of a loss, companies need to rely on their insurers to quickly assess and process claims, ensuring that policyholders have the capital needed to recover from the breach. This can be even more important when the cyber attack has caused property damage and resultant business interruption.
When taken together with the prevention and response measures discussed earlier, this will help ensure they remain resilient in the face of such threats.
Benedict McKenna is operations vice president and operations claims manager at FM Global.