Arthur J. Gallagher & Co. report examines emerging cyber security exposures, how organizations can protect themselves, and practical steps to take before and after a breach occurs
A growing array of security and privacy threats, individually or in combination, pose significant financial, reputational and physical harm to businesses, organizations and the communities they serve. It is critical for organizations of all sizes to understand these various exposures and learn how to detect and address them.
Protecting Security and Privacy in an Interconnected World, a new report available from Arthur J. Gallagher & Co., examines common and emerging technological vulnerabilities and the steps that organizations can take to prepare for, mitigate and address them. Download the report at www.ajg.com/cyberthreats.
Cyber liability insurance and risk specialist Adam Cottini notes that cyber-attacks can be financially, competitively, politically or ideologically motivated. They can even be the work of thrill-seekers with no specific agenda. These attacks can come from outside or within the organization. Regardless of their origins or the motivations behind them, cyber-attacks can have serious, potentially devastating consequences.
Cottini, Managing Director of Arthur J. Gallagher & Co.’s Cyber Liability Practice, spotlights the growing threat from connected technology. “Security may not always be the manufacturer’s top priority because considerations such as speed to market and returns on investment tend to overshadow the investment in security,” he says. “The more networked technology we use, the more ways there are for hackers to infiltrate databases and cause financial or physical harm. Thus there is a growing need for organizations and individuals to be vigilant in protecting connected systems from the consequences of these threats.”
Steps that organizations can take immediately to ensure that they are better prepared when a breach occurs include:
- Bringing together representatives from all functional areas with responsibilities for managing cyber risk to identify and set high-level security priorities, understanding that reducing this risk involves more than an organization’s information technology team
- Cultivating an internal culture of security awareness, educating and training employees to report suspicious activity or potential/actual breaches
- Developing an Incident Response Plan detailing the organization’s process for addressing a potential or known breach
- Interviewing multiple qualified breach response attorneys in advance of a breach, and selecting more than one, in the event that a conflict arises
The report examines the insurance coverages that can come into play in the event of a cyber breach, including the third-party liability and first-party breach response and operational costs that are eligible for coverage under a traditional cyber insurance policy. Some cyber exposures, including many related to the Internet of Things, are not covered by a traditional cyber policy but may be covered under other property/casualty insurance policies. Cottini also details the critical steps that organizations should take immediately after a breach has been detected to ensure that insurance applies.
Given the number of coverage variables, Cottini finally recommends that organizations seek the advice of an insurance broker with expertise in cyber insurance to avoid encountering any unanticipated coverage gaps if a breach occurs.