San
Francisco Based Security Firm Recommends Full Cyber Risk Assessment
to Prevent Losses that Can Cost Millions.
San
Francisco, CA, USA -- Losses from cyberattacks and security
breaches continue to plague companies of all sizes, and while more
organizations are investing in basic cyber insurance, most are
woefully underinsured. According to Greg Reber, CEO of AsTech
Consulting -- independent cyber security experts specializing in
software and IT infrastructure security -- to protect themselves,
companies need a comprehensive risk assessment and to work with
underwriters to make sure they both agree and understand the terms of
cyber insurance policies.
The
history of financial losses from a cyber-attack are well documented.
Target reported $252 million in expenses related to its data breach
in 2013, however the company only had $90 million in cyber risk
insurance. Similarly, Anthem Inc. suffered a data breach in February
2015, and the company is now providing credit monitoring and identity
protection services to patients who were affected. In both cases,
insurance coverage was inadequate to cover costs and additional
losses from litigation and class-action suits.
According
to a recent study by the Ponemon Institute, companies are four times
more likely to insure physical assets than information assets, even
though the Probable Maximum Loss (PML) from loss of intellectual
property can exceed $200 million. Of those surveyed by Ponemon, 52
percent see cyber risk exposure increasing but only 19 percent have
cyber insurance coverage with an average limit of $13 million, and 54
percent have no plans to purchase cyber insurance.
"Executives
underestimate the potential losses from a cyber-attack and are
unclear how to best insure their operation against potential losses,"
said Reber. "They buy cyber risk insurance, but too often the
coverage is inadequate since many insurance companies rely on
self-reporting when assessing areas of coverage. By being better
educated about cyber risk and cyber risk insurance and taking simple
preventative steps to isolate potential areas of cyber risk,
companies will be in a much better position to protect themselves
when they do have a security breach."
Cyber
risk insurance policy coverage is often based solely on information
provided by the company and insurance questionnaires are generic and
leave companies under insured. Another common issue is undervaluing
the potential losses from a cyber breach, resulting in substantial
losses not covered by insurance.
To
ensure proper cyber risk insurance coverage, Reber recommends
companies take a number of steps:
1.
Assess their cyber risk to understand the specific possibilities for
a cyber-attack and what data could potentially be exposed or lost.
The best approach is to assume that you can't cover all possible
contingencies, so it's a matter of when a breach will occur, not if.
2.
Develop a cyber breach response strategy, including remediation and
notification, to minimize potential losses.
3.
Work with an experienced cyber risk underwriter that understands the
potential losses from a cyber-attack or data breach and is willing to
develop a policy with adequate coverage.
4.
Review potential cyber risk annually, since the degree of cyber risk
changes over time.
About
AsTech Consulting
AsTech
Consulting has been helping Fortune 1000 companies manage risk and
protect vital information assets since 1997. AsTech's technical team
are true Internet security experts, providing a full suite of
services focused on risk management and mitigation including
Vulnerability Discovery and Remediation, Secure Development Training,
Secure Software Development Lifecycle Consulting and Security
Architectural Design. For more information, visit
http://www.astechconsulting.com.
Contact:
Tom
Woolf
Public
Relations Director, Gumas Advertising
415-259-5638