The ongoing pandemic has taught us many things. Top of the list is the acknowledgment that we have become ever more reliant on web-based technology. Being able to conduct business online and to digitally enable a remote workforce to be productive is central to overall business performance. No one is more aware of this reality than Dan Trueman, global head of cyber and technology security for AXIS Insurance.
While stressing the direct impact technology has on business activity for organizations of all sizes, Trueman is also keenly aware of the ongoing, continually increasing risk of cyber-events and security breaches for businesses.
Educating companies on the significant cyber threat that exists drives the work that Trueman undertakes every day.
“Improving awareness is always a challenge. On the one hand, the public’s awareness of cyber threats is generally high, as popular culture and TV programs have played a part in heightening this awareness and often spreading fear,” Trueman stated. However, the problem is that “the belief that this is not going to happen to me” needs to be challenged, he elaborated.
Sharing information on potential threats and providing training and guidance to policyholders help to improve their overall understanding of the risks they face and how to become more resilient. At the core of what Trueman hopes to achieve and deliver for policyholders are three guiding principles: prepare, protect, and respond.
Discussing insurance options that help to mitigate risk while providing financial coverage is only one piece of the puzzle to help manage the undisputed cyber risks businesses face.
“There are core cyber hygiene factors that need to be in place,” Trueman explained. “The size of the company and complexity of the company matters and produces different risks.”
Trueman explained that before any real work can begin companies need to be able to identify potential cyber vulnerabilities. Having intimate familiarity with the likely threats that each business faces is core to the AXIS cyber insurance working model.
Next, Trueman continued, companies need to secure their perimeter, address weaknesses, and protect themselves on all sides.
“You can achieve this by using standard anti-malware or anti-virus software. These are very basic measures that we use at a personal level. These need to be implemented at the corporate level as well,” Trueman explained.
He emphasized that there are other relatively simple security measures that can also be put into place, such as multi-factor authentication (MFA), which requires a user to confirm a second form of identification, such as a PIN sent to a mobile phone.
If working remotely, employees can also ensure that the tunnel or the VPN is secure and then make sure that the VPN is kept secure through various forms of protection, such as encryption. The second step Trueman described as: “Addressing what can go wrong by looking at core elements including how you keep your backups and making sure they are able to go offline and then back online to recover data after a security breach.”
“This simple security measure can easily be put in place. What we are seeing now is that data storage used to be incredibly expensive but is now relatively cheap and accessible. Huge numbers of vendors and/or partner sites are offering security as a service to keep these three systems secure. Maintaining good cyber hygiene is within reach for almost any organization, and it is becoming almost inexcusable for companies to not be using them,” Trueman stated.
Equally important to the three-step method advocated by AXIS Insurance is the question of how quickly you can recover your data. Minimizing downtime and swiftly getting businesses back on their feet can be achieved through a consistently strong incident response capability and plenty of preparation.
“The market works best when it’s collaborative and when we engage on the broader expertise, judgment, and knowledge sharing of the experts. The insurance industry plays a vital role in connecting those experts and then ensuring this knowledge translates back to the insureds. A good example of this is minimum security controls. As insurers, we have a unique lens on emerging trends and are well placed to guide policyholders to increased cyber resiliency,” Trueman stated.
Trueman further elaborated on the need for this inclusive approach, as he and other experts in the insurance industry have witnessed a steep uptick in how often different organizations are being attacked and in the types of organizations that are being attacked.
“There used to be a low-level demand for cryptocurrency from cybercriminals whereas now we are seeing demands in the millions,” Trueman said. As a result of the size of recent cyber threats, insurance rates have risen to reflect market realities. Systemic events, such as the Microsoft Exchange attack, created vulnerabilities that have sent rates northward.
As one would predict, just as rates have adjusted to reflect today’s cyber threats, so too has the cost of recovery following an incident, Trueman explained.
As cyber threats are here to stay, the demand for companies to be protected against such predicted threats will only increase. In a complex business environment, driven by digital products and carried out increasingly online, the need to recover financial losses will just go up, Trueman pointed out.
Companies will need to practice good cyber hygiene and will require the expert services of cyber insurance professionals to offer packaged or stand-alone cyber insurance coverage depending on the complexities and size of their business.
“I believe that logically there will be significantly greater penetration of cyber insurance around the world. More people will buy cyber insurance in the future due to our attachment to technology and our need for technology – simple supply and demand,” Trueman concluded.