Page 81 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

System and information security is the primary key to mitigating cyber-related risks. Whether through in-house personnel, engaging with outsourced cybersecurity firms or having those teams work in tandem, many vulnerabilities can and should be addressed as an enterprise-wide project. While there is no “one size fits all” approach to this, and it is a true investment of capital and manpower, it is imperative that companies do an initial assessment of their cybersecurity policies and procedures. The biggest mistake companies make in this context is believing that they are not a target because of their industry, their size, their revenues, or their footprint. Everyone is a target, and, as such, these issues simply cannot be ignored.



Insurance

Another key mitigation tool is purchasing a dedicated cyber insurance policy. This allows businesses to transfer first-party loss (e.g., loss to the company itself) and third-party indemnity (e.g., liability claims against the company and regulatory proceedings) risks associated with cyber-related security breaches. A robust cyber policy is structured around helping the company recover and handle the costs associated with an attack and best protecting the company’s reputation. The purchase of insurance will often also act as a catalyst for implementing the tools and processes described above, as cyber insurance carriers are increasingly demanding that most, if not all, of the items described above be in place (or be on track to be put in place) before they even issue a quote outlining the costs and coverages potentially available.

As part of the underwriting process, carriers will analyze possible risks pertaining to the company; the strength of IT and cybersecurity controls; compliance with legal and industry standards; and the existence and strength of security response plans. It is vital that companies be transparent during this application and review process, so issues do not arise in the event of a claim. Misrepresentations of material facts requested by insurance underwriters, in this context especially with respect to cyber processes and procedures, have led to voided coverage when such misrepresentations came to light following the notice of a claim to the carrier. No insurance policy is worth the premium paid if it is not available in the event of a loss.

As ransomware and other cybersecurity threats continue to create profound financial and operational interruptions affecting businesses and insurance companies worldwide, it is imperative to seek an independent risk advisor who can serve as a sounding board and navigate through the various and sudden risks facing enterprises globally to ensure maximum recovery of data, systems and monies.


















