In a fast-moving cyber landscape, organizations can no longer just focus on preventing the inevitable – they must be properly prepared to respond to an event, says insurer Travelers.
Cyber exposures are evolving at a rapid pace, and companies need to have a robust plan in place to respond to a potential breach or attack, particularly as regulations tighten. While major corporates may be equipped to set that up in-house, the majority of organizations will need to seek external help, says Davis Kessler, cyber head at Travelers.
“Most businesses out there, except for the very large companies, just don’t have the resources to invest in a full breach response capability internally. They don’t have the resources to sit down and do extensive table-top exercises or have a complete breach response team in-house,” Kessler told Corporate Risk and Insurance.
“If a breach happens, every minute matters, so having the ability to be in touch with a team that is experienced in responding to a breach is critical.”
In Europe, the arrival of the General Data Protection Regulation (GDPR) in May upped the ante for organizations’ breach response planning. The law brought in rules that require certain types of personal data breaches to be reported to the relevant data protection agency within 72 hours of the organization becoming aware of the breach, and states that in some cases they must notify the individuals affected too.
Those that fail to comply with the GDPR can be fined up to 4% of their global annual turnover or €20 million – whichever is higher.
“For the entities that are prepared for that, I think they’re going to be fine. They will avoid fines and penalties if they have a proper response plan in place. But those that don’t have the ability to, or don’t respond in an adequate or timely fashion, run the risk of those fines and penalties,” Kessler said.
Today’s cyber underworld is making it increasingly easy for criminals to launch cyberattacks, according to the cyber head.
“The entry to the cybercrime world is relatively low now,” Kessler said. “The dark web is rife with a marketplace where these cyber criminals can buy and sell data that’s been stolen. They can even purchase malware which they can unleash to the internet – it’s remarkably easy now.”
Travelers Europe launched a new standalone cyber offering last month, which provides liability and first-party cover as well as pre- and post-breach response services.