Insurance policies are common, but what about cyber insurance? With the rise of technology and vast amounts of data communicated and stored online, ensuring your privacy and security should be considered to protect against ransomware attacks or other cyber threats. Stanton Gatewood, a former Chief Information Security Officer, noted that many people might have doubts about investing in cyber insurance since it is “to protect something you cannot touch and [to insure] [you] from people [you] cannot see.” For state and local government leaders with limited resources makes such an investment may be hard to justify.
However, with what is at stake, should state and local cyber leaders reconsider and make cyber insurance a primary investment?
More than just a policy, the process of obtaining cyber insurance requires several steps. Gatewood breaks cyber insurance into three steps: awareness, preparedness, and resilience. Gatewood states that “cyber insurance has pushed us to a new level of standard.” This standard is setting your organization up with a good program that is both user aware and situationally aware. By preparing all of the hardware, software, and applications, it is crucial to know where your information is at all times. The final piece is to have the resilience and ability to mitigate attacks, like ransomware, and bounce back. It is because of cyber insurance that businesses are “much more aware, much more prepared to protect and defend the information,” said Gatewood.
While cyber insurance should have been part of an agency’s cyber toolbox for many years, the reality is that most are just beginning to explore the concept as well as the costs and benefits. But, as Gatewood pointed out, “cyber security is a process, not a product.” And, in the end, there is a lot of value to be had in the beneficial process of analyzing the company’s assets and liabilities even if the company does not end up buying the insurance.
To find out more about cyber insurance and how to safeguard your business, watch the webinar.