Cyber Risk Transfer: The Next Best Solution?

Hello all,

A Fortune 500 survey conducted last year has revealed that cyber security is the second biggest concern for CEOs, who keep looking for new solutions to keep their data safe and their clients happy. Risk transfer is a strategic decision that many enterprises are making to mitigate risks while complying with cyber security standards.

Cyber insurance is not entirely new, but the market is growing due to the increase in cybercrime. With hacking attempts becoming more prevalent and sophisticated, many executives are taking cyber risk transfer into consideration. The market has grown to as many as 25 carriers providing up to $300M in limits.

According to the Advisen report from October 2015, 60% of respondents are buying cyber risk insurance. That is significantly higher than in 2011, when cyber risks were not as bad. With coverage ranging from security and privacy liability to data recovery and cyber extortion, insurance providers offer a new set of options for a modern enterprise.

However, the real risk exposure of the company must be determined through a proper assessment of the key systems before any decisions on risk management and transfer are made.

Michael Porier, Managing Director, Cyber Security and Privacy at Protiviti, suggests a set of steps to be taken in order to create an actual strategy. In one of his presentations he discussed a full cyber security framework consisting of the following steps:

  1. Cyber assessment – evaluating the actual level of risk;
  2. Cyber risk mitigation – implementing the cyber security strategy;
  3. Cyber Insurance, risk transfer – deciding on the proper risk transfer option suitable to the particular company.

The full process involving these steps comes down to planning and executing the following:


Risk transfer has benefits for the enterprise, but the decisions must be made carefully, and CIOs need to be aware of the long-term commitment they are making. There should be complete transparency between the insurer and the end-users. Some of the recommended steps are as follows:

  1. Define security responsibilities for each party – It is extremely important for both parties to fully understand their areas of responsibility. If the company is obtaining services from cloud providers, this becomes a crucial consideration, as the vendors may maintain the right to change service policies.
  2. Audit provisioning – The enterprise must be able to audit the issuer/provider to make sure maximum standards are maintained when handling the data. Now seen as the 4th “A” in the process of identity and access management, audit is gaining importance for meeting regulatory compliance.
  3. Compliance assessment – Companies that operate in regulated industries have to abide by all the rules and regulations when transferring risk. IT professionals should understand their responsibilities in secure environments under HIPAA or other acts such as HITECH and FISMA.
  4. Disaster recovery plan of action – Make a strategic plan of action for each of the parties in order to ensure an immediate reaction in case of a disaster.

When transferring responsibilities to cyber insurers, the above aspects have to be considered. In an era where security systems and software solutions alone cannot defend against cyber attacks, risk insurance provides the opportunity to increase the credibility of the business and provide maximum safety for the internal data.

Consider all your options and stay safe.

Source: Akati
