Why Over-Reliance On Cyber Insurance Poses Risk To Organizations. — Cyber Security Kenya

Ransomware gangs target organizations with cyber insurance policies because their conversion rate is high. Ransomware incidents accounted for 41% of cyber insurance claims in the 1st quarter of 2020 in North America alone. That’s according to a report published by cyber-insurance provider coalition.

Having a cyber insurance cover is great but it alone will not guarantee data safety and the headache that comes with cyber attack incidents. It’s the same as having a health insurance cover but still living an unhealthy lifestyle. The moment you get unwell, you still experience challenges even though you have a cover.ie low productivity, loss of livelihood that may cost you more in the long run.

It’s best practice for an organization to have a cyber insurance policy and still have cyber security controls to prevent attacks in the first place. Over reliance on cyber insurance and not investing in proper cyber security control measures can still put an organization at risk. Cyber insurance providers may not pay premium for breaches that could have been avoided with proper cyber security control measures.

Cyber Security Team

The cyber security team (CISO) should also be involved during the cyber insurance uptake from the onset. This will help the management to understand technical language and also the coverage level.

For the insurance claim to be paid incase of an incident, certain security control measures must have been put in place and followed through as per the policy agreement. if this is not the case, the insurance provider will not pay the claim hence the importance of the security team’s involvement.

Conclusion

Cyber insurance shouldn’t be a replacement for a proper cyber security program. It may help offset some costs but it cannot cover cost from loss of R&D data, intellectual property or reputation damage.

Having a proper cyber security control strategy will help an organization identify vulnerabilities before they are exploited.

Combining proper cyber security control measures and cyber insurance policy will help organizations;

1. Avoid penalties & fines from regulators.
2. Give confidence to clients in regards to safety of their data.
3. Give confidence to stakeholders that their money/investment is safe.
4. Give them an edge against competitors.
5. Avoid loss of revenue due to interruption of services.

Is your cyber security plan effective? Contact us for a Cybersecurity Risk Assessment.

Originally published at https://eastafricarecoveryexperts.tech on March 3, 2021.