The global cybersecurity insurance market is growing quickly and is expected to reach more than $20 billion within the next few years. Businesses are increasingly seeking insurance coverage as the number of breaches affecting sensitive customer or corporate data or disrupting systems and operations, increases. Rising reliance on technology to connect with consumers, partners and other stakeholders, the takeup of cloud, mobile, Internet of Things and other models, and the growing sophistication of cyber attacks are all combining to increase cybersecurity risk.
In this environment, board members and senior management teams are shouldering greater responsibility – and in many cases liability – for cybersecurity. For directors and managers, this means dumping traditional perspectives that cybersecurity is the province of the technology team and taking a proactive, organisation-wide approach to minimising cyber risk.
Discharging this responsibility means implementing a comprehensive cybersecurity program that incorporates a range of measures to reduce risk. According to the Australian Government’s business.gov.au website, these measures may include updating all passwords to passphrases that swap letters for symbols and use different spelling; using password managers to securely store and generate passwords; using business-grade cybersecurity software; backing up systems and files to portable hard drives; and seeking help from IT professionals if systems are infected by malware such as ransomware.
The website also recommends businesses talk to insurance brokers or insurers about options for reducing cybercrime risk.
However, businesses should not only tighten their defenses against external attacks. Internal attacks and employee errors can also threaten the integrity of customer and corporate data, as well as key systems. Boards and senior management teams should also become aware of these risks and ensure comprehensive plans are in place to mitigate them. Some issues that may be covered by these plans include implementing role-based access to systems and data – meaning workers only access what they need to do their jobs – and educating workers about how to manage data securely. Adopting these plans can further help businesses reduce risk and consequently lower their cybersecurity insurance premiums. In addition, these plans can also minimise the likelihood of incurring the regulatory and reputational penalties of a cybersecurity breach