Change happens quickly and dramatically in the cyber world. Examine how the cost of hard drive storage has gone from around $200k per gig to less than $0.03 in just 30 years. By 2020 there could be 50 billion devices connected to the internet, multiplying at a rate much faster than that of the human population. In fact, only about 54% of current internet users are human. Many organizations have shifted away from on-premises storage to the cloud, spreading out and connecting to data across the globe. In 2003, California enacted the U.S.’s first data breach notification law and now all 50 states have similar regulations. As one can see, the cyber landscape — from devices to data and legislation to digital connectivity — is experiencing startling growth and change.
Problems arise when our drive for increased information access is not balanced with the necessary level of security to ensure the integrity and confidentiality of this information. Compounding this problem, software code is constantly evolving and new vulnerabilities are being discovered along the way. Cybercriminal exploits can include these two attack vectors: 1) the ability to deceive, impersonate and compromise people and/or 2) the ability to exploit vulnerabilities in code and modify or compromise hardware. Enterprises face an environment in which cybercrime is projected to cost $6 trillion by 2021, while spending on security products and services is expected to top $1 trillion by 2021.
Enterprises of all sizes, financial systems, critical infrastructure and even nation states find themselves in the midst of an ongoing cyber war in which the stakes are critical. This new norm threatens a business’s ability to maintain a competitive advantage and continuous operations. Enterprises must also now navigate a changing regulatory landscape. The EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), for example, establish new mandates on the nature of personally identifiable information (PII) with a broad definition of what constitutes “personally identifiable.”
If your personal information has value to you, it probably has value to others. It may have been among the more than 7 billion private records exposed by data breaches in 2017, or a seemingly innocuous item that is publicly available through social media or other sources. Advances in technology and data science allow for more sophisticated analysis and insights than ever before, which play into the ever-evolving cyber war.
If you have a complete solution to the problems outlined above, please notify me so we can implement that solution for the benefit of all. If not, consider the following.
Making cyber insurance part of your complete security solution
The first step in surviving the cyber war is understanding how to manage risk in general. This will allow you to maximize your limited resources, minimize exposure and get the most value from the insurance you purchase. The following steps will put you on the path to protecting yourself, your business and your critical data:
- Identify your exposures, including the most valuable information in your care, custody or control. Consider how your operations, products, services, human resources and legal standing can be affected by a cyberattack.
- Consider direct loss, such as the cost of computer forensics, notifying affected individuals of a breach, legal defense and settlement and repair of network systems.
- Consider the indirect loss of profit and extra expenses necessary to resume or maintain operations, such as after a ransomware attack or other shutdown.
- Consider what resources you will need to respond in a crisis and how cyber insurance can help you with your incident response plan.
- Work with an expert cyber insurance broker who can help clarify your risk priorities and customize an insurance solution that aligns with your business. Incorporate this into your overall security plan. Due to changes in both the internal and external environment, make sure to reevaluate on a periodic basis.
Co-authors: Howard A. Miller, CRM, CIC, Senior Vice President, Director of Tech Secure® Division, LBW Insurance & Financial Services, Inc. and Michael Flavin, Valeo Networks.