The world is changing rapidly and cyber criminals are adapting fast. Targeted cyber attacks by skilled and persistent criminals are now a worrying business reality.
Increased interest in cyber insurance
With more than 800 million records leaked in 2017 (see our Breaches and Hacks Blog Archive for details), it is not surprising that the cyber insurance business has grown in recent months.
According to the BBC, Hiscox has seen increased demand for its cyber and data risks insurance following high-profile breaches – particularly the TalkTalk breach – and in the run-up to the EU General Data Protection Regulation (GDPR) compliance deadline.
Gareth Wharton, chief executive of cyber at Hiscox, said: “We’re seeing annual growth of around 40% in cyber [and] we expect to have taken around $100m in premiums in 2017.”
Insurers assess an organisation’s cyber risk to set premium levels
Wharton says insurers “make sure the client is an acceptable risk”. Premium levels are set by assessing the applicant’s cyber risk, which includes examining questions such as the following:
- Is there a business continuity plan in place?
- Do they have antivirus and firewall protection?
- Are the software and data updated frequently?
- Is critical data encrypted?
“We have a responsibility to drive up standards and encourage better practice,” added Wharton.
Reduce cyber risk with certification to recognised standards
Nick Whitfield, chief executive of Panaseer, said: “Businesses must understand that cyber insurance is not a silver bullet – you don’t get car insurance and drive like a maniac.”
There are three recognised standards that can reduce your organisation’s cyber risk:
- Cyber Essentials is a government-backed scheme for organisations of all sizes that demonstrates to customers and other stakeholders that the most basic cyber security controls have been implemented. According to the UK government, the scheme could prevent “around 80% of cyber attacks”. Certification is also a requirement for suppliers bidding for a range of government ICT contracts, and for MoD contracts that involve handling MoD information. Read Cyber Essentials – A Pocket Guide to find out more about the scheme and its requirements >>
- ISO 27001 is the international standard that describes best practice for an information security management system (ISMS); certification demonstrates that your organisation is following recognised information security practice. View our infographic for more information on implementing an ISMS >>
- ISO 22301 sets out the requirements for a business continuity management system (BCMS) and ensures an organisation can resume operations and return to ‘business as usual’ as quickly as possible after a disruptive incident, e.g. cyber attacks or power failures. Download our free green paper for more information on implementing a BCMS >>
Organisations should adopt a cyber resilient posture
All of the above standards form part of the approach IT Governance uses to help organisations achieve cyber resilience, and achieving a basic level of cyber security is the essential first step.
Cyber resilience is a broad approach that incorporates cyber security and business continuity management, and aims to defend against potential cyber attacks and ensure your organisation’s survival following an attack.
Implementing the five controls outlined in the Cyber Essentials scheme (boundary firewalls and internet gateways, secure configuration, user access control, malware protection, and patch management) means your organisation will be on track to:
- Reduce financial losses;
- Meet legal and regulatory requirements;
- Improve its culture and internal processes; and
- Protect its brand and reputation.
Essential guidance for organisations new to Cyber Essentials
If your organisation is new to Cyber Essentials and cyber resilience, we recommend reading February’s book of the month, Cyber Essentials – A Pocket Guide.
This is an essential guide for organisations looking to work towards Cyber Essentials certification:
- Explains the scheme and its requirements in non-technical language.
- Written by a CREST-accredited Cyber Essentials certification body to help implement the five controls correctly.
- Clarifies the certification process and explains how to achieve certification in a fast, efficient and cost-effective manner.