Cyber Insurers Won’t Cover Data Breach

20140222_WBC387.png

After Ponemon Institute’s report highlighted insurance protection as a way to mitigate the risk and consequences of a data breach, I’m sure some CEOs out there breathed a sigh of relief. “Great, we can just get cyber insurance and not have to worry about actually being cyber secure.” 

Wrong!

Insurance protection is just one of the ways to mitigate costs; you must also consider having an incident response plan and team in place, extensive use of encryption, business continuity management involvement, CISO leadership, employee training, board-level involvement, and other factors.

Insurers can decline to pay out over inadequate cybersecurity.

Recently, California health care provider Cottage Health System awoke to news when their insurer declined to pay out for their data breach back in 2013 because they had failed to follow, “minimum required practices”. Specifically, the insurer is claiming that Cottage “stored medical records on a system that was fully accessible to the Internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who ‘surfed’ the internet.”

Failing to implement basic cybersecurity measures will almost certainly mean that your insurance brokers won’t cover you. Considering the average cost of a data breach is now $6.5 million, this is a hefty price for any organization to pay out.

Basic cybersecurity practices:

Check your insurance policy carefully, but generally you’ll need to make sure you have these fundamentals of basic cybersecurity right.
    
Download software updates. It sounds like a no-brainer, but it is amazing how many viruses exploit outdated software. Use strong passwords. That is, passwords that contain a mix of lower- and upper-case letters, numbers, and symbols. And don’t leave your passwords lying around for everyone to see!
     
Don’t open suspicious emails. As we regularly report on this blog, a staggering number of phishing emails are sent every day. You need to be aware of these scams and ensure that you and your staff do not click on malicious links.
    
Use antivirus software. 

Train your staff. People are your weakest security link – fact. Cyber criminals look to exploit the human fallibility or curiosity. For all the cybersecurity you have in place, one ill-advised click can undo all of your hard work. Staff awareness training is essential to successful cybersecurity. 
    
Encrypt your systems and mobile devices. Don’t make a hacker’s job easier than it already is! In fact, if you implement robust cybersecurity measures, you will not only reduce your chance of suffering a data breach in the first place, but your insurance premiums will be considerably lower, too.

Implementing an information security management system (ISMS) aligned to ISO 27001 is considered to be the most comprehensive approach to effective cybersecurity. Recognized worldwide, ISO 27001 covers technical testing, incident response, bring your own device (BYOD) policy, risk assessments, and many other areas to ensure the confidentiality, integrity, and availability of your information that no other standard or framework can offer. ISO 27001 registration instills confidence in your clients and stakeholders that you take information security seriously, often winning you new business and strengthening existing partnerships.

It Governance:  http://bit.ly/1BqrzIs

« Paying for Non-Secrets
The Ever-evolving Cyber Threat to Planes »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

InfoWatch

InfoWatch

InfoWatch solutions allow you to protect data and information assets that are critically important to your business.

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

Avast Software

Avast Software

Avast Software is a security software company that develops antivirus software and internet security services.

Cyber Security Raad (CSR) - Netherlands

Cyber Security Raad (CSR) - Netherlands

The Cyber Security Council (CSR) is a national, independent advisory body of the Dutch government undertaking efforts at strategic level to bolster cyber security in the Netherlands.

New Zealand Internet Task Force (NZITF)

New Zealand Internet Task Force (NZITF)

The New Zealand Internet Task Force (NZITF) is a non-profit with the mission of improving the cyber security posture of New Zealand.

Zuratrust

Zuratrust

Zuratrust provide protection for all kinds of email related cyber attacks.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

Prima Cyber Solutions (PCS)

Prima Cyber Solutions (PCS)

Prima Cyber Solutions is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

Material Security

Material Security

Material is solving one of the most fundamental problems in security: protecting the data sitting in mailboxes.

ViewDS Identity Solutions

ViewDS Identity Solutions

ViewDS Identity Solutions develops innovative identity software including cloud identity management solutions, directory services, access and authorization management solutions.

Willyama Services

Willyama Services

Willyama Services is a certified Information Technology and Cybersecurity professional services business providing services to government and private sector clients.

Google Cloud

Google Cloud

Accelerate your digital transformation. Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.

Apollo Secure

Apollo Secure

Apollo is an automated cybersecurity platform for startups and small businesses to achieve and maintain security compliance.

AuthenticID

AuthenticID

Our mission at AuthenticID is to combat fraud worldwide and help businesses protect their enterprise and valuable data assets.

Skylark

Skylark

Skylark is a leading global IT services provider, transforming client’s businesses through innovative and advanced technology solutions.