By Christopher Keegan, Willis expert for cyber, and errors and omissions insurance

Cyber Risks: The warnings are there, now it is time to act

Companies are still not dedicating enough time to developing their cyber risk mitigation strategies according to a recent report by the Federation of European Risk Management Associations (FERMA).

Despite 76% of respondents stating that information security and privacy had become a significant concern over the past three years, a mere 19% of those surveyed had security and privacy (cyber) insurance.

As coverage against breaches of cyber exposure become more widely available, it is time for companies to act to mitigate these risks.

The threats

Cyber risks are a concern for just about every business in the world. The threats not only affect e-commerce businesses, but any company that stores personal data or uses computer networks. All of these businesses are confronted by threats, such as hacker attacks, data breaches and network downtime.

A costly crime

In 2012, cyber crime cost companies around the world a total of $388bn, according to a recent estimate from the World Economic Forum.

Despite these warning signs, however, there exists a lack of understanding concerning risk exposures and the overall cyber landscape.

One reason for this is that the situation is constantly evolving and the speed that technology changes makes it difficult to keep up. Legal changes such as new healthcare data standards in the US and the proposed EU Data Security legislation add to the burden.

Cyber insurance is a relatively new insurance product backed by a growing number of underwriters in the marketplace. The coverage that in the past has been quite restrictive has been growing more flexible, with insurers responding to the demands of corporate customers. The options are currently wider than they have ever been.

The checklist

Businesses need to get a grasp of the cyber landscape and proactively mitigate their own exposures. To do this they should:

  • implement a comprehensive risk-assessment and align security investments with identified threats;
  • understand their organisation’s information and who wants it – consider who the adversaries may be and the tactics they might use to get the information; and
  • embrace a new way of thinking in which information security is both a means to protect data and an opportunity to create value to the business.

Christopher Keegan is Willis’ expert for cyber and errors and omissions insurance coverage focusing on placements and advice on media, technology, network and privacy risks.