Cyber Insurers Won’t Cover Data Breach

Uploaded on 2015-06-22 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Financial

20140222_WBC387.png

After Ponemon Institute’s report highlighted insurance protection as a way to mitigate the risk and consequences of a data breach, I’m sure some CEOs out there breathed a sigh of relief. “Great, we can just get cyber insurance and not have to worry about actually being cyber secure.” 

Wrong!

Insurance protection is just one of the ways to mitigate costs; you must also consider having an incident response plan and team in place, extensive use of encryption, business continuity management involvement, CISO leadership, employee training, board-level involvement, and other factors.

Insurers can decline to pay out over inadequate cybersecurity.

Recently, California health care provider Cottage Health System awoke to news when their insurer declined to pay out for their data breach back in 2013 because they had failed to follow, “minimum required practices”. Specifically, the insurer is claiming that Cottage “stored medical records on a system that was fully accessible to the Internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who ‘surfed’ the internet.”

Failing to implement basic cybersecurity measures will almost certainly mean that your insurance brokers won’t cover you. Considering the average cost of a data breach is now $6.5 million, this is a hefty price for any organization to pay out.

Basic cybersecurity practices:

Check your insurance policy carefully, but generally you’ll need to make sure you have these fundamentals of basic cybersecurity right.
    
Download software updates. It sounds like a no-brainer, but it is amazing how many viruses exploit outdated software. Use strong passwords. That is, passwords that contain a mix of lower- and upper-case letters, numbers, and symbols. And don’t leave your passwords lying around for everyone to see!
     
Don’t open suspicious emails. As we regularly report on this blog, a staggering number of phishing emails are sent every day. You need to be aware of these scams and ensure that you and your staff do not click on malicious links.
    
Use antivirus software. 

Train your staff. People are your weakest security link – fact. Cyber criminals look to exploit the human fallibility or curiosity. For all the cybersecurity you have in place, one ill-advised click can undo all of your hard work. Staff awareness training is essential to successful cybersecurity. 
    
Encrypt your systems and mobile devices. Don’t make a hacker’s job easier than it already is! In fact, if you implement robust cybersecurity measures, you will not only reduce your chance of suffering a data breach in the first place, but your insurance premiums will be considerably lower, too.

Implementing an information security management system (ISMS) aligned to ISO 27001 is considered to be the most comprehensive approach to effective cybersecurity. Recognized worldwide, ISO 27001 covers technical testing, incident response, bring your own device (BYOD) policy, risk assessments, and many other areas to ensure the confidentiality, integrity, and availability of your information that no other standard or framework can offer. ISO 27001 registration instills confidence in your clients and stakeholders that you take information security seriously, often winning you new business and strengthening existing partnerships.

It Governance:  http://bit.ly/1BqrzIs

« Paying for Non-Secrets
The Ever-evolving Cyber Threat to Planes »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

SCIPP International

SCIPP International

SCIPP’s courses are based on internationally recognized best business practices for security awareness, for both technical and non-technical staff and to comply with regulatory mandates.

Pentagon Group

Pentagon Group

Pentagon Group is a provider of security services in high-risk environments, remote areas and emerging markets in support of land-based, aviation, maritime and cyber operations.

Cervello

Cervello

Cervello is a leading provider of comprehensive and proven solutions to protect railways against cyber attacks.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

SandboxAQ

SandboxAQ

SandboxAQ is an enterprise SaaS company combining AI + Quantum tech to solve hard problems impacting society.

Infiot

Infiot

Infiot is a pioneer in enabling secure, reliable access with zero trust security, network optimization, edge-intelligence and AI driven operations for all remote users, devices, sites and cloud.

LogicMonitor

LogicMonitor

LogicMonitor provides SaaS-based IT infrastructure monitoring services for on-premises and multi-cloud environments.

Datapac

Datapac

Datapac is one of Ireland’s largest and most successful ICT solutions and services providers. We have been at the forefront of technology innovation in Ireland for the past three decades.

Astute Technology Management

Astute Technology Management

Astute Technology Management helps businesses take control of their technology and work with greater confidence.