Lessons learned from the CrowdStrike incident
Tech

Why tech-savvy leadership is key to cyber insurance readiness

6 Min Read

Business security

Having expert leaders at the helm is crucial to protecting the organization and securing the best possible cyber insurance coverage

August 7, 2024

,
4 minutes reading

cyber insurance prevent protect insure blog three

The board does not understand cybersecurity – that is no longer the case.

Before the pandemic, the CISO and cybersecurity team were seen as the nerds in the room down the hall who always said no. Even post-pandemic, while there is appreciation that cybersecurity can be a business enabler, there is generally a lack of understanding, especially at board level, about how to achieve a robust cybersecurity posture and how this actually enables the business.

The American Securities and Exchange Commission (SEC) announced this implemented regulations that require companies to disclose whether their board has a member with cybersecurity expertise. This is a potential game changer for CISOs looking to approve their budget or propose operational changes to the business for cybersecurity reasons.

Almost all companies depend on technology. It can be as simple as ordering supplies online, banking or emailing. Cybersecurity isn’t just essential for businesses that operate online or have significant digital communications with customers – it’s a necessity for all organizations. Understanding cyber risks, no matter how significant or not, is – and remains – fundamental for companies that want to succeed in today’s marketplace.

This need for understanding becomes even greater as we look ahead to developments in technology such as AI – whether a company adopts AI for its own use or uses services that contain some form of AI. Even using a generative AI tool in business comes with risks: for example, an employee could unknowingly leak sensitive company information by uploading text to a generative AI engine and asking it to refine the language.

This blog is the third in a series exploring cyber insurance and its relevance in this increasingly digital age – see also Part 1 and Part 2. Read more about how organizations can improve their insurability in our latest whitepaper, Prevent, protect. To ensure.

cyberinsurance prevent protect insure

AI will undoubtedly be a strategic tool for many. Adopting ethical use policies, securing data used to train the model, and updating and patching the model and tools used are just a few practices that organizations should consider.

See also  Dollar rises this week, cyber disruption causes investor unrest By Reuters

There will also likely be regulation around AI, and cybersecurity will be an element that will have its own requirements. This adds to the many regulations that companies must follow from a cyber perspective. The General Data Protection Regulation, PCI Compliance, the SEC’s Cyber ​​Incident Disclosure Rules …there are many regulations that must be followed and reported to ensure a company remains compliant. At the heart of many of these regulations is cybersecurity, further complicating the operations of cybersecurity teams.

To reduce risk, cybersecurity must be embedded in the digital business infrastructure under the premise of ‘secure by design’. This can take the form of following a cybersecurity framework such as the National Institute of Standards Technology, with clear policies and metrics to ensure the company:

  • adheres to regulations
  • follows an approved cybersecurity framework
  • has the necessary policies in place to reduce cyber risk
  • can handle any cybersecurity incident.

For small businesses, this may seem like overkill to document and create policies about what you already know, who has the authority to make decisions, and what happens “if.” However, creating a governance posture within the company will help ensure its longevity and is a prerequisite for growth: start as you want to continue.

From a cybersecurity perspective, this may be the point where outsourcing is the best option, as skills are often scarce and difficult to retain. Managed service providers that can operationally implement cybersecurity and help with the required governance may be an option, with many of them offering access to advanced solutions such as managed detection and response (MDR) services.

See also  The forgotten American: Richard Ledezma will play a key role in the Champions League for PSV against Juventus

How does this all fit into cyber risk insurance? Insurers are increasingly requiring companies to have robust cybersecurity measures in place. A company with a formal, documented process is likely to realize lower premiums and spend less time implementing pre-insurance requirements.

While the initial costs may be higher, with better digital protection, businesses will save money on their insurance premiums and avoid the recovery costs of the potential cyber attacks they may have faced without cyber insurance.

Learn more about how cyber risk insurance, combined with advanced cybersecurity solutions, can improve your chances of survival if or when a cyber attack occurs. Download our free whitepaper: Prevention. Protect Insure, here.

My collaborator, Peter Warren, an award-winning investigative journalist, author and broadcaster, has conducted a number of interviews on the topic of the future cyber threat that companies may face. The next episode will discuss why technology literacy in boardrooms is essential for strong cyber insurability.

Learn how cyber risk insurance and how cyber risk coverage, combined with advanced cybersecurity solutions, can increase your chances of survival if or when a cyber attack occurs. Download our free whitepaper: Prevention. Protect Insure, here.

TAGGED:
Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Travel

Real-estate

Must Read