In our last AML Grey Matters broadcast, I had an interesting discussion with Foster Davis, a former Cryptologic Warfare Officer with the US Navy, regarding cyber security and the challenges of businesses obtaining cyber insurance.
In brief, cyber attacks will continue as ransomware becomes more profitable and more “start-up” hackers see the opportunity for financial gain.
No longer can we rely on “papering” cyber security policies and procedures. Training staff to be aware of phishing emails, banning weak passwords, and ensuring the implementation of multi-factor authentication are some critical steps we can take today to protect our data and systems.
However, the risk remains, and the insurance companies that underwrite cyber security policies are looking for ways to reduce their risk with policyholders. Much like motor insurance is provided only to good drivers, and those with a reckless driving history will pay higher premiums, companies may soon need to provide evidence of their “good cyber history” to reduce premiums.
And it’s not just insurance companies that want evidence of robust cyber security practices. Vendors and third parties are starting to require proof of penetration testing – periodic or continuous.
These growing expectations challenge a business’s leaders, finances, and IT teams. We’re not all cyber experts, so knowing what vulnerabilities and threats your organisation faces is critical to identifying where to apply your resources. The good news is that the cost of penetration testing services is now lower than ever, and more tools that strengthen cyber security are available.
Foster also mentioned that communicating with one another – even competitors – is essential so that sectors can be aware of new attacks and vulnerabilities. By working together, we can defend against attacks on our industries and protect our businesses.