.jpg)
Prevention. In the insurance world, taking preventative measures against exposures is key to the business, but some threats are just not preventable – one of them being cyber. This “omnipresent boogeyman” is experienced by businesses large and small, and yet, even with its vast exposure, many still wonder: what is a cyber risk – and how do you mitigate it?
“A cyber risk can be as simple as a lost password or it could be a full-on data breach,” shares Laird Rixford, CEO of Insurance Technologies Corporation (ITC). “There is no way to unequivocally prevent any cyber exposure that a company will have; however, there are technologies out there that will help you assess and mitigate these issues. But before you can further mitigate any cyber exposure or liability, you have to understand what they are and the attack profile of your organization.”
As Rixford explains, once an attack profile is in place at an organization that identifies attack vectors and present risks then technology can be chosen to correctly assess and mitigate possible cyber exposures. “The amount of technology available is actually very limited … it is really about preventing access, encrypting data and securing data so that it is safe from malware attacks or ransomware.”
Technology, such as an intrusion detection system (IDS), which monitors a network or systems for malicious activity or policy violations, can be valuable for an agency’s cyber risk mitigation. But, the most accessible and cost-effective cyber risk mitigation methods that every business needs comes down to three points: “Firewalls, virus scans and the encryption of hard drives; those are the three things that people can do right now,” Rixford says.
“The harsh reality is that many agencies cannot afford the protections they fully need. The more you open yourself up, the more risk you present to yourself. It is always a balancing act whenever you do an assessment of how much cyber risk you are willing to take for how much access. I can guarantee that a computer can’t be hacked via the internet if the computer is not connected to the internet, but that computer can still be hacked if there isn’t good security around the physical box. That balance might mean deleting information from your system that is critical to make sure you’re not storing information that can be illegally obtained. It is a process of assessing risk, what data is at risk and how do you mitigate it.”
