Auto insurance doesn’t prevent collisions, and cyber insurance doesn’t prevent cyber-attacks. However, what you do in order to buy cyber insurance will.
Increasingly, you can only buy cyber insurance when you prove that you have implemented comprehensive strategies to reduce your risk and mitigate the cost of cyber-attacks. In fact, it is more valuable to implement those cyber security strategies than to have the insurance policy.
The cyber risk landscape is ever more complex, sophisticated and potentially costly. Those trends drive policy costs higher and coverage lower. You must do more than ever to protect your organization from attacks and losses and to increase resiliency.
Experts currently recommend – and insurers increasingly expect – that you implement a cyber security policy of ‘never trust, always verify’, which requires a Zero Trust Architecture (ZTA). Typically, ZTA integrates various strategies that will do more than merely prevent bad actors from penetrating your system perimeter.
First implement, maintain and periodically review sound and comprehensive cyber security strategies. Then consider cyber insurance.
Luck and quick thinking are great in all aspects of life, but they aren’t business recovery strategies or risk mitigations. A near-miss event should be treated very seriously: not as a success, but as a warning to bolster training, revise business recovery plans and implement additional risk mitigations.
Organizations need to make BCM programs measurable to enable useful oversight and accountability. Too often, however, measuring BCM becomes unnecessarily complex, time-consuming and onerous, diverting resources and sapping engagement and commitment.