Shared from the 4/18/2018 Financial Review eEdition

Ensure your cyber firewalls can take the heat

It’s near impossible for businesses to completely guard against cyber risks, so it’s crucial to have a plan in place for when attacks occur.

Whether they’ve fallen prey to a cyber attack themselves or seen it happen to someone else, most company executives are aware of the likelihood of their business being hit.

However, few take steps to avoid such attacks, and even fewer have a contingency plan for when it happens.

While preventative measures such as firewalls are an adequate starting point, these can never offer 100 per cent protection from cyber attack.

Therefore, information security should be a board-level priority, and a specialised insurance solution can serve as a crucial part of an organisation’s risk management strategy.

One company that understands the difference between trying to avoid the inevitable and preparing for a rainy day is HDI Global, one of the world’s leading and most respected corporate insurers.

Having started out as a mutual insurer for the German iron and steel industries, HDI Global now has a global footprint and recorded a gross written premium value of about 4.5 billion euros in 2017.

The insurer has experienced significant growth and is now one of Australia’s fastest-growing corporate insurers.

HDI Global’s managing director and regional head ASEAN and Australasia Stefan Feldmann explains how the company’s international, cross-sector expansion led it into the specialist cyber insurance sphere.

‘‘Clients’ demands of their insurers are continually evolving and we need to be flexible and respond accordingly. HDI has a good reputation of being solution-focused,’’ he says.

‘‘It has been our company’s mission since we were established as a mutual insurer in Germany in 1903 to always be there for our customers with insurance solutions that take the latest industrial progress and technical innovations into consideration.’’

HDI has lead underwriters in every line of insurance business including property, power and energy, construction, marine, liability, financial lines (D&O), crisis management and cyber.

One of those crucial insurance concepts is cyber insurance, which HDI Global’s Australasia crisis management and cyber underwriting manager Karina Rodriguez Diaz explains is primarily aimed at managing cyber risk.

Cyber risk can be defined as the potential financial losses – including business interruption and damage to brand reputation – suffered by companies and organisations as a result of a failure of their information technology systems.

There are many different ways a company or organisation’s IT systems can be compromised, according to Rodriguez Diaz, including unauthorised and malicious breaches of security systems, operational IT failures and accidental or unintentional breaches of security.

Companies that handle vast amounts of sensitive (personal) information have historically been the main target of cyber crime.

But Rodriguez Diaz warns that the scope of cyber risk has dramatically expanded in recent years.

‘‘Technology has changed the way we do business and the risk of a cyber attack is a risk faced by most modern businesses irrespective of their size or industry,’’ she says.

The cases reported in the media are usually attacks that affect large organisations.

‘‘SMEs (small and medium-sized enterprises), which comprise a large percentage of the Australian economy, are also at risk.’’

‘‘It is likely that a large percentage of SMEs do not have the infrastructure and external resources to effectively defend against and manage a cyber incident.’’

Interestingly, the majority of the losses suffered due to cyber incidents are often incurred in the company’s response, usually as a result of poor planning. Many companies don’t factor in the costs of their crisis response, public relations and communication consultants, legal and investigations costs, notification expenses, IT and security consultants and credit monitoring services.

Added to those expenses is the likely rise in the third-party insurance losses from claims against companies by customers whose data has been breached, following the new Australian Mandatory Data Breach Notification regime.

Truly effective management of cyber risks today no longer involves just the IT department, Rodriguez Diaz explains.

‘‘Although the IT team plays an essential role in reducing the risk, a more holistic approach is required to effectively mitigate and manage cyber exposures.

‘‘Proper planning and training is required in order to prevent, detect and respond effectively to a cyber incident.

‘‘This involves different areas of an organisation including, but not limited to, IT, HR, legal and the C-suite.’’

The other crucial element of cyber risk transfer is partnering with an insurer that provides expert response consultants to help guide clients through the incident management process.

‘‘An acute crisis management approach must be adopted from the outset,’’ says Rodriguez Diaz.

‘‘The success or otherwise of an organisation in defending against a cyber incident will largely depend on how well it is prepared to manage the incident and how the organisation responds to it.

‘‘In our view, it is crucial for an organisation to partner with expert response consultants. This is essential to avoid long-term reputation damage and their customers’ loss of trust.’’

HDI Global has partnered with expert consultants who work with their clients should an incident occur within their Cyber+ Insurance cover.

Rodriguez Diaz cautions that only companies willing to spend time understanding cyber risk and preparing for a cyber incident will be truly prepared to face the evolving threats.

‘‘We are prepared to offer coverage where the premium is commensurate with the exposure but mainly where we see a serious commitment to cyber security from the organisation,’’ she says.

In the long run, cyber risks to all companies and organisations aren’t going away.

‘‘Regardless of the organisation’s preparedness, cyber risk cannot be fully removed or eliminated,’’ Rodriguez Diaz says.

‘‘An organisation’s approach and commitment to the management of cyber risk is of paramount importance.

‘‘Cyber insurance plays an important role as part of a company’s comprehensive cyber risk management strategy.’’
