By Foundstone Services
Advancement of technology is deriving proliferation of threat landscape rapidly which extend attack vectors. With proliferation of automated tools available for cyber criminals; it’s not a matter of “if” but “when” there will be a security breach. There are two types of organizations in this category, those who’ve been hacked, and those who don’t know they have been hacked. The likelihood that your organization is next is not very unlikely. Is your organization prepared for a target of information security breach?
That will depend on if you have an operational Security Program which is functional enough to manage risk of a potential security breach. Now, the million-dollar question may be, is your Security Program resilient enough to sustain the risk and can it afford to absorb losses for future security breach. The security threats are evolving on daily basis and there are unknown threats like zero day threats where you need to add cyber insurance (which provides coverage from losses resulting from data breach or loss of confidential information) as a part of risk management strategy to tackle unnecessary disruptions to your business. As a part of risk management program, organizations regularly determine which risks to avoid, accept, control or transfer. This where transferring risk to cyber insurance take place and it can compensate for some residual risk.
Some may argue that they got liability insurance, which should cover security breach. Those days are behind us when organizations thought liability insurance were enough to cover the security breaches. Sony thought their general liability insurance covered them, but the court confirmed that policy did not have specific clauses to cover the security breach which was estimated $170M. Another highly publicized security breach of Target cost the retailer about $348M but the retailer had only $100M in cyber insurance coverage from multiple underwriters.