Companies are still not dedicating enough time to developing their cyber risk mitigation strategies according to a recent report by the Federation of European Risk Management Associations (FERMA). Despite 76% of respondents stating that information security and privacy had become a significant concern over the past 3 years, a mere 19% of those surveyed had security and privacy (“cyber”) insurance.
As coverage against breaches of cyber exposure become more widely available, it is time for companies to act to mitigate these risks.
Cyber risks are a concern for just about every business in the world. The threats not only affect e-commerce businesses but any company that stores personal data or uses computer networks. All of these businesses are confronted by threats, such as hacker attacks, data breaches and network downtime.
A Costly Crime
In 2012, cyber crime cost companies around the world a total of $388 billion, according to a recent estimate from the World Economic Forum. Despite the warning signs, there exists a lack of understanding concerning risk exposures and the overall cyber landscape.
One reason for this is that the situation is constantly evolving and the speed that technology changes makes it difficult to keep up. Legal changes such as new healthcare data standards in the U.S. and the proposed EU data security legislation add to the burden. Cyber insurance is a relatively new insurance product backed by a growing number of underwriters in the marketplace. The coverage that in the past has been quite restrictive has been growing more flexible with insurers responding to the demands of corporate customers. The options are currently wider than they have ever been.
Businesses need to get a grasp of the cyber landscape and proactively mitigate their own exposures. To do this they should:
- Implement a comprehensive risk-assessment and align security investments with identified threats.
- Understand their organization’s information and who wants it – consider who the adversaries may be and the tactics they might use to get the information.
- Embrace a new way of thinking in which information security is both a means to protect data and an opportunity to create value to the business.