With the alarming, continued increase in the number of organizational hacks and data breaches, cybersecurity is top of mind for all organizations. In the beginning of the digital age, having a certain set of security protocols and trainings in place was thought to be enough. Nowadays, businesses must plan to prevent such breaches as well as focus on post-attack survival in the event one occurs.
When discussing cybersecurity, IT and data resilience, we tend to put an emphasis on backups or disaster recovery. In the event of a breach or weather disaster, it is essential for businesses to be able to recover their data. As cybersecurity continues to evolve, we are seeing a shift in focus from data resilience to organizational resilience. Organizational resilience refers to the ability of the business to defend against cyber-attacks, limit their impact and make sure the business can achieve success post-attack. It goes without saying that there are plenty of initial headaches that come with cybersecurity breaches, but experts agree that most of the damage occurs when companies fall short on a practiced response strategy. It is a no-brainer that we practice fire and earthquake drills, but why do we still fall short when practicing our cybersecurity?
An answer to the previous question can be seen when analyzing management’s misunderstanding of the cyber threats currently present. Today, organizations use a large number of hardware and software solutions, both secure and unsecured, all managed and maintained by people. Regardless of the number of security measures in place, the human element will always leave some level of imperfection in security protocols. Management must take certain steps to help limit the human element, while securing some level of organizational resilience. First and foremost, organizations must put security protocols in place for the configuration of infrastructure and mitigation. Secondly, management must maintain proper monitoring to help predict breaches. Lastly, management must adopt some type of cyber insurance that includes coverage for costs, ransoms, loss of income and more.
At Colony West, we’ve seen some sort of evolution with all three recommendations, but none as much as the changing landscape around cyber insurance. In the past, we’ve briefly touched on the effects social engineering has on your insurance coverage, but cyber insurance causes an even more dramatic shift, from a focus on a policyholder’s property to their resilience. Additionally, underwriting has shifted its attention from assets to seeing how a business will react and function after a breach. With all this movement, cyber insurance companies are competing to offer better solutions around risk management and incident response. It goes without saying that many organizations are underprepared for the eventual cyber-attack, but this does not mean that your business should be underinsured.
At Colony West, we’ve worked with a variety of clients who are facing these same issues today. Our insurance experts, coupled with our wide range of technology solutions, will customize a policy that works to help prevent breaches and cover you post-attack. Contact us today to see how we can prepare you for the present and the future.