A few hours ahead of schedule, we've just sent customers August's package of security awareness materials covering cyberinsurance - a new field, a novel awareness subject, and the 62nd topic in our bulging portfolio.
Cyber risk is an increasingly significant concern to organizations that are critically reliant on IT systems, networks and data ... and can you think of any that are not critically reliant? Aside from the direct, immediate impacts (losses and costs) and effects on business systems, networks and data, cyber incidents may have devastating business consequences if supply chains, perhaps even whole industries and nations are affected. The risk extends throughout and beyond the corporation.
Arguably the most effective way to reduce cyber risk is to avoid risky business activities altogether … but naturally that means forgoing the business benefits of those activities. It's not even possible in some cases.
The next best option is to mitigate or reduce cyber risks using cybersecurity controls. These can be complex, costly and imperfect, but at least the activities can take place. Security professionals naturally favor this option: it's their home turf ... but it's not the only way.
Sharing or transferring risk to third parties (such as insurers and business partners) is the subject of August’s materials ... and I'll have more to say about that during the month ahead.
Finally we have the option to accept cyber risks that have not been treated (eliminated or reduced) in other ways – actually, ‘option’ is a bit misleading since some cyber risks have to be accepted, regardless: there is no choice. Risk acceptance is the default, leaving us exposed to the possibility of cyber incidents and the consequences thereof.
In short, cyberinsurance reduces the amount of cyber risk we have to accept.
The awareness module delivers 60 Mb of cyberinsurance awareness materials:
And look what turned up this morning ...
No comments:
Post a Comment
The floor is yours ...