Clearview National April 2019 - Issue 209 | Page 28
CYBERSECURITY
Worried about the financial impact
of data breaches? You should be
Despite the rising cost of data breaches, most organisations are unprepared to deal with
the financial and reputational repercussions. The current cyber landscape is chaotic, spanning
state-sponsored hackers, financially motivated cybercrime gangs and simple negligent
data loss. Risk is everywhere and liabilities are high. Cyber threat remains one of the
most significant and growing risks facing organisations today, and too few are prepared.
Interestingly, locations
that experienced the most expensive data
breaches include the US and the UK, where
notification costs are nearly five times the
global average. It is clear the problem isn’t
going away. Although cyber security most often
makes it into the headlines because of large
breaches, the most frequent threat is actually
to SMEs.
Becoming more resilient to cyber risks in an
age of digital disruption means understanding
the full scope of cyber governance
responsibilities. Here are five reasons why
every business, regardless of size or ownership,
needs cyber insurance:
1. Cyber-crime is growing exponentially
– an overwhelming majority of businesses
are reliant on online services, which exposes
them to cyber security risks. The 2018 Cyber
Security Breaches Survey, conducted on behalf
of the UK Government, revealed that 43% of
UK organisations surveyed had experienced a
cyber security breach or attack in the last 12
months. With highly sophisticated attacks now
commonplace, businesses need to assume that
they will be breached at some point and have
coverage to mitigate the risk.
2. Data breaches are costly – as mentioned
before, in Ponemon Institute’s 2018 Cost of
Data Breach Study, the average cost of a stolen
or lost record is $148, while the overall cost
of a data breach is nearly $4 million. This is
irrespective of the fines and sanctions under
the new General Data Protection Regulation
(GDPR) within the EU and California’s
Consumer Protection Act, which comes into
effect on 1st January 2020 and will surely add
to those costs. However, the real expense of
an attack against an organisation is not just
the financial damage suffered or the cost of
remediation; a data breach can also inflict
untold reputational damage. Suffering a cyber-attack
can cause customers to lose trust and
spend their money elsewhere. Additionally,
having a reputation for poor security
can also lead to a failure to win new business
or government contracts.
3. Organisations can be held legally
and financially liable if third party data
is compromised in a breach – emerging
regulation, as announced by the US
Department of Defence (DoD), and the
EU’s GDPR place the responsibility on
organisations to appoint only third parties
who can provide sufficient guarantees that
the requirements of NIST 800-171 and GDPR
will be met. Both the DoD and the UK’s
Information Commissioner’s Office (ICO) will
hold liable, and may fine, any organisation that
has not carried out due diligence to ensure
third parties are compliant. Regulatory fines
have become synonymous with data breaches,
and the fact that cyber risks are now global
makes complying with various regulatory
responses across different geographies all the
more challenging.
4. Standard insurance policies do not cover
cyber risk – cyber insurance is specifically
designed to cover the unique exposure of
data privacy and security and can act as a
backstop to protect a business from the
financial and reputational harm resulting from
a breach. While some categories of losses
might be covered under standard policies,
many significant gaps often exist, and cyber
events can impact numerous lines of insurance
coverage.
5. Improved cyber awareness and risk
management – insurance is just one piece of
the puzzle. Given that the single greatest cyber
risk is social engineering, in which employees voluntarily
but unknowingly allow an attack to occur,
it’s critical that organisations get the basics
right, such as putting every employee through
training on how to avoid and recognise cyber
threats. Organisations need a comprehensive
risk management plan that details how the
company will respond in the face of a cyber-attack,
including unknown threats.
Given the complexities and ever-changing
threats, it is important to be as proactive as
possible. Cyber Essentials is a UK government-
backed and industry supported scheme that
guides organisations on how to protect
themselves against the most common cyber
threats. Undertaking a certification route will
help organisations, especially SMEs which may
not have a dedicated cyber security specialist,
to coordinate all security practices in one
place, consistently and cost-effectively.
www.cysure.net