BUSINESS surveillance keep in mind that cyberinsurance should never be viewed as a ‘ get out of jail ’ card . Instead , it should be viewed as a last resort that is used to underpin an effective cybersecurity strategy .
While an insurance policy can help organisations recover some , or all , of the costs incurred following a breach , it won ’ t address a number of issues that follow in the wake of operational disruptions . These intangible challenges can include dealing with employee stress , customer dissatisfaction and more .
In this day and age , organisations must assume that the likelihood of a cyberattack is now a case of ‘ when ’ not ‘ if ’, and plan accordingly . That means investing appropriately in protection and resilience technologies , alongside comprehensive user training and compliance processes , that together deliver a truly robust defence against threat actors .
There ’ s no getting away from the fact that it ’ s better to implement the cyber-resilience controls needed to minimise any need to make an insurance claim in the first place . Organisations that are appropriately prepared for security incidents are more likely to resist an attack in its entirety or quickly mitigate its impact , getting IT systems back up and running within minutes of an incident with no significant data loss .
Adopting a multi-dimensional approach
Organisations that opt to combine insurance with a comprehensive and forward looking IT and business resilience strategy will be in the strongest possible position to limit exposure . Ultimately , insurance should be one element of a robust and unified risk management system that should feature attack defences alongside comprehensive resilience and recovery capabilities that make it possible to come back fast from a ransomware attack .
Looking ahead , the cyberinsurance market looks set to bring in additional price increases alongside ever more stringent cybersecurity requirements . Organisations that pursue a more holistic cyberstrategy will be able to demonstrate to underwriters that they have the backup , Disaster Recovery , detection and data vault capabilities needed to protect their data in a comprehensive fashion .
Insurance should be one element of a robust and unified risk management system .
One thing is for sure , with a recent industry study finding that 21 % of insurers now specifically exclude ransomware from their policies , the importance of focusing on resilience is only set to grow .
WWW . INTELLIGENTCISO . COM 65