Manage Cyber Risks to Limit Financial Losses
October 9, 2023
A cyberattack impacts more than data. It can disrupt sales, lower your stock price, damage your brand, and erode trust in your company and leadership.
Consider the following actions you can take to manage your cyber risks, limit the potential for losses and protect your bottom line. You can also download this content as an e-book.
Implement a Rapid Cyber Risk Detection and Response Process
Your business, vendors and technology change constantly. That means your cyber risks also change constantly. Implement a rapid detection and response process to identify and resolve risks continuously as they emerge. The process should include the following five steps:
1. Identify what needs to be protected (e.g., client and employee information, financial accounts, access to and from third-party systems).
2. Identify who can help (e.g., your IT team, third-party vendors) and what controls should be implemented (e.g., multifactor authentication, endpoint detection tools, email filters).
3. Detect vulnerabilities that need to be addressed (e.g., open ports, unpatched zero-day vulnerabilities, untrained employees).
4. Address detected vulnerabilities (e.g., patch, train, back up).
5. Test to ensure risks have been resolved.
Then, begin again because your business changes and cybercriminals never rest.
Apply Proactive Cyber Risk Controls
Controls can be used to limit the opportunity for a cyberattack and reduce potential downtime and losses. The better your controls, the more attractive your business becomes to cyber insurers. Consider the following eight cyber risk controls:
1. Multifactor Authentication (MFA). MFA is a multi-step process for verifying that system users are who they say they are before giving them access to systems and data.
2. Endpoint Detection and Response (EDR). EDR and intrusion detection technologies monitor network activity, flag suspicious behavior and alert security if something abnormal is detected.
3. Data Backups. Storing encrypted, up-to-date data backups offline makes it easier to recover in the event of a ransomware or other attack.
4. Email Filtering and Web Security. Cybercriminals use emails and fake websites to trick people into divulging sensitive information. Filters can flag dangerous emails and sites and prevent users from ever seeing them.
5. Patch Management. Hackers search for software vulnerabilities and use them to launch ransomware attacks or install malware. Software vendors issue updates and patches to resolve these product weaknesses.
6. Incident Response Plan (IRP). Having an up-to-date IRP can significantly reduce stress, downtime and costs if a cyber event occurs.
7. Employee Training. Employees are the weakest link in your cyber defense. Cybercriminals know it is easier to trick your employees into providing sensitive information than it is to attack your network directly.
8. Network Segmentation. Not every employee or third-party partner needs access to all systems, applications or parts of your company’s network. Limit user access to only what is needed to perform work.
Obtain the Best Cyber Insurance Coverage Possible
Unless you self-insure your cyber risks, you will compete against other businesses to obtain the most comprehensive cyber coverage with the highest limits, fewest restrictions and best pricing.
Be aware that cyber is still a relatively new risk. Insurers continue to debate the best way to underwrite it, which is why policy wording and exclusions keep changing, and underwriting forms aren’t yet standardized. This can be challenging for insureds.
To obtain the best cyber policy, partner with an insurance broker who understands cyber coverage nuances and who will invest the time to present your cybersecurity story in the most compelling way to carriers. This often requires looking beyond the insurer’s questionnaire and adding supplemental materials that showcase your cybersecurity efforts.
To learn more about cyber insurance policies, read our blog post: What Is Cyber Insurance?
Understand Your Cyber Risks and Coverages
An insured risk, like cyber, is still a risk. All companies, no matter the size or industry, are cyberattack targets. So before a cyber event occurs, test your incident response plan and make sure everyone understands their role. Ensure that you can easily answer the following questions if a cyber incident takes place:
- Who can we engage?
- Who can approve a ransom demand?
- Who will log and track the scope of work?
- How and when will we report a claim?
- How and when will we communicate?
Work with your broker to ensure you understand the first-party (losses experienced by your business) and third-party (losses experienced by others) coverages contained in your cyber policy. Cyber insurance can help you recover losses by supporting the following types of services:
- Breach coach
- Legal counsel and defense
- Cybersecurity forensics
- Data and network restoration
- Crisis communication
- Financial forensics
- Business interruption costs
- Fines and penalties
- Call center
- Credit monitoring/identity restoration services
Strengthen Your Cyber Insurance Claim
Not every cyber incident is a crisis. However, if your business becomes the victim of a significant cyberattack, implement your incident response plan. Also, consider these do’s and don’ts to protect your organization’s finances and strengthen your cyber insurance claim:
- Do engage your carrier(s) and insurance broker as soon as a cyber event is discovered.
- Do maintain an activity log.
- Do store your cyber policy offline and communicate with the response team outside the regular business operating environment (in case the threat actor is still in the system).
- Do mitigate losses as much as possible.
- Do engage and listen to your breach counsel.
- Do document all expenses.
- Do conduct regular calls with stakeholders.
- Do learn from the experience.
- Don’t delay telling your insurer about the attack.
- Don’t directly engage with the threat actor.
- Don’t immediately reset your network or wipe it clean.
- Don’t share information with all employees.
- Don’t release information publicly without consulting counsel.
- Don’t assume that insurance will pay for your employees’ time to recover or restore your systems.
To learn more about these do’s and don’ts, click here.
Continuously Improve Your Cyber Risk Profile
Often, clients ask if their carrier will drop them if they file a claim. For organizations that do everything they can to strengthen their cybersecurity and demonstrate effective controls, the answer is most often “no.” However, it is important to document actions taken before, during and after a cyberattack. Record how, when and why decisions were made. Correct any weaknesses discovered. Update your incident response plan, and work with your insurance broker to tell your story effectively to carriers at renewal. For help in strengthening your cyber risk profile or obtaining cyber insurance, contact Hylant.
The above information does not constitute advice. Always contact your insurance broker or trusted advisor for insurance-related questions.