The human firewall

Cyberattacks are a matter of when, not if, writes Dan Burke, and readiness involves the first line of defence – humans


Opinion


If cybersecurity wasn’t already on insurance brokers’ minds, it is now – or at the very least, it should be in the wake of the 2017 WannaCry ransomware attack, one of the most virulent forms of malware ever seen. Attacking hundreds of thousands of computers worldwide, this breach was yet another reminder that any company with data, online records or even just an email account is vulnerable to cyberattacks.

In addition to the large attacks that make the news, insurance brokers and business owners may be surprised by the vast number of smaller breaches that are happening every day. Even more troubling, businesses often are not even aware that they have been hacked until days, weeks or months later.

The 2017 Hiscox Cyber Readiness Report found that the majority of companies worldwide had experienced a cyber incident in the last 12 months, and many had suffered two or more security breaches. In the US alone, 63% of firms reported having experienced a cyber incident in the past year, and 47% said they had experienced two or more.

The report also determined a company’s readiness for an attack based on four key areas (strategy, resourcing, technology and process) and ranked them from novice to expert. Fewer than a third (30%) qualified as ‘expert’ in their overall cyber readiness, and nearly half of those were US-based companies.

Based on this data, it’s clear that US businesses have some major work to do when it comes to cyber preparedness. Cyberattacks and data breaches do not discriminate, and all companies that use technology are at risk.

The time to talk to your clients about cybersecurity is now.

It’s important to understand what cyber policies are available in the market, the nuances of those coverages and your client’s cyber exposures, but these should be table stakes. Where brokers can add value for their current and prospective clients is by being aware of the ever-evolving cyber threats that may impact their businesses.

Being able to talk to your clients about their ability to manage a hack and to boost their resiliency to cyber threats is an opportunity to add value beyond delivering product advice. Becoming a cyber expert yourself will not only help protect your own business, it will also make you an invaluable advisor to your clients.

Education is a key component to avoiding cyberattacks. It’s a low-cost, high-impact way for companies to improve their security. The process of educating businesses on cyber threats begins with their employees. They are the first line of cyber defence for any company – a human firewall.

Unfortunately, many companies are still lagging when it comes to employee training. Implementing formal training and developing a security process that can be entrenched in the company culture will help.

There are key areas where novice companies need to step up their game to become experts. Novices can better prepare themselves by taking the following actions:
 
  • Involve management in the cybersecurity discussion. Cybersecurity should be a concern not only of the IT specialists, but also of board members.
  • Have a strategy. A formal strategy with a budget and measurement metrics goes a long way toward ensuring that a company’s cybersecurity efforts are efficient and cost-effective.
  • Employee training. Training is one of the most important elements of a cybersecurity strategy.
  • Document processes and procedures. A company’s response plan should be in writing with responsibilities clearly defined, and its success should be easily measurable.
  • Tap into technology. Novices do relatively well in this area, but they could still stand to up their game in internal and external message encryption and authentication.
  • Transfer the risk with insurance. Twice as many experts as novices protect themselves with cyber insurance. A truly comprehensive cybersecurity strategy includes an investment in cyber insurance.

It’s no longer a matter of ‘if’ a business will be the target of a cybercrime, but ‘when.’ Cybersecurity should be a top priority in every business – and therefore for every insurance broker who works with business owners and operators.


Dan Burke is the cyber product head at Hiscox USA, responsible for underwriting and product strategy on the cyber line of business nationally.
