Cyber liability is a hot topic in our technology-driven society. Every organisation has cyber exposure – but what steps can we take to mitigate that risk?
Matthew Davies, vice president, media and cyber liability product manager at Chubb Canada, told Insurance Business about the precautions brokers should be urging companies to take.
“All businesses should keep an inventory of personally identifiable information (PII). It is critical to understand what information you collect, why you collect it, what you do with it, where it goes, who you share it with, and what happens when you destroy it,” said Davies.
“Having an inventory is a very good first step. From there you can develop your IT governance, understand who is going to have access to the company’s PII and decide how you are going to protect it.”
Mitigating cyber threats does not have to be a complicated task. In fact, there are many simple steps businesses can take to reduce their cyber exposure, according to Davies.
He commented: “One of the most important things an organisation can do is to ensure it has good password policies. Make employees change their passwords on a regular basis and set up a protocol for strong passwords with a mixture of letters, numbers and special characters.”
Another easy but important step towards cyber mitigation is education. Davies said organisations should “empower employees by helping them to understand what their cyber responsibilities are”. This could include training programs or seminars to help people identify anything suspicious.
Education is also important on the more technical side. Keeping software and virus protection systems updated, and regularly backing up the database, will help to reduce your cyber exposure.
“In addition to that, every business should have a cyber incident response plan,” said Davies. “Mitigating components will help to manage a cyber event but they won’t necessarily prevent one. An incident response plan will allow businesses to react to an incident more efficiently and understand all the components of how to respond.”
He added: “When privacy regulators in Canada respond to a report of a cyber breach, one of the first things they ask to see is the corporate governance and incident response plan. They will want to know what kind of training you have done with your employees to fortify them before a potential event. Having a plan in place will make it easier to manage an event and also manage the relationship with the regulator.”