Cyber Insurers Won’t Cover Data Breach

Uploaded on 2015-06-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

20140222_WBC387.png

After Ponemon Institute’s report highlighted insurance protection as a way to mitigate the risk and consequences of a data breach, I’m sure some CEOs out there breathed a sigh of relief. “Great, we can just get cyber insurance and not have to worry about actually being cyber secure.” 

Wrong!

Insurance protection is just one of the ways to mitigate costs; you must also consider having an incident response plan and team in place, extensive use of encryption, business continuity management involvement, CISO leadership, employee training, board-level involvement, and other factors.

Insurers can decline to pay out over inadequate cybersecurity.

Recently, California health care provider Cottage Health System awoke to news when their insurer declined to pay out for their data breach back in 2013 because they had failed to follow, “minimum required practices”. Specifically, the insurer is claiming that Cottage “stored medical records on a system that was fully accessible to the Internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who ‘surfed’ the internet.”

Failing to implement basic cybersecurity measures will almost certainly mean that your insurance brokers won’t cover you. Considering the average cost of a data breach is now $6.5 million, this is a hefty price for any organization to pay out.

Basic cybersecurity practices:

Check your insurance policy carefully, but generally you’ll need to make sure you have these fundamentals of basic cybersecurity right.
    
Download software updates. It sounds like a no-brainer, but it is amazing how many viruses exploit outdated software. Use strong passwords. That is, passwords that contain a mix of lower- and upper-case letters, numbers, and symbols. And don’t leave your passwords lying around for everyone to see!
     
Don’t open suspicious emails. As we regularly report on this blog, a staggering number of phishing emails are sent every day. You need to be aware of these scams and ensure that you and your staff do not click on malicious links.
    
Use antivirus software. 

Train your staff. People are your weakest security link – fact. Cyber criminals look to exploit the human fallibility or curiosity. For all the cybersecurity you have in place, one ill-advised click can undo all of your hard work. Staff awareness training is essential to successful cybersecurity. 
    
Encrypt your systems and mobile devices. Don’t make a hacker’s job easier than it already is! In fact, if you implement robust cybersecurity measures, you will not only reduce your chance of suffering a data breach in the first place, but your insurance premiums will be considerably lower, too.

Implementing an information security management system (ISMS) aligned to ISO 27001 is considered to be the most comprehensive approach to effective cybersecurity. Recognized worldwide, ISO 27001 covers technical testing, incident response, bring your own device (BYOD) policy, risk assessments, and many other areas to ensure the confidentiality, integrity, and availability of your information that no other standard or framework can offer. ISO 27001 registration instills confidence in your clients and stakeholders that you take information security seriously, often winning you new business and strengthening existing partnerships.

It Governance:  http://bit.ly/1BqrzIs

« Paying for Non-Secrets
The Ever-evolving Cyber Threat to Planes »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Redbud

Redbud

Redbud is a specialist search and recruitment firm for Information Security professionals.

enSilo

enSilo

enSilo secures customers data on premise or in the cloud. Regardless of the where the threat comes from, enSilo can protect your data.

IT Security Association Germany (TeleTrusT)

IT Security Association Germany (TeleTrusT)

TeleTrusT is an IT Security association and network for IT security comprising members from industry, administration, consultancy and research.

Komodo Consulting (KomodoSec)

Komodo Consulting (KomodoSec)

Komodo Consulting specializes in Penetration Testing and Red-Team Excercises, Cyber Threat Intelligence, Incident Response and Application Security.

Namogoo

Namogoo

Namogoo’s disruptive technology identifies and blocks unauthorized product ads that are injected into customer web sessions by client-side Digital Malware.

RevenueStream

RevenueStream

RevenueStream uses an innovative algorithmic approach to intercept and prevent payment fraud before it even happens.

ATIS Systems

ATIS Systems

ATIS Systems offers first-class complete solutions for legal interception, mediation, data retention, and IT forensics.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

Asia Data Destruction (ADD)

Asia Data Destruction (ADD)

ADD is the leading IT Assets Disposal and Data Destruction Company in Thailand.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

Global Cybersecurity Association (GCA)

Global Cybersecurity Association (GCA)

GCA’s Symposium and conferences featuring global thought leaders and CISOs provide a global best practice perspective on cybersecurity.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.

PDQ

PDQ

PDQ helps IT professionals to manage and organize hardware, software, and configuration data for Windows- and Apple-based devices.

SoteriaSec

SoteriaSec

SoteriaSec is a premier cybersecurity firm providing comprehensive digital forensics and incident response services.