Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

External Cyber Security Risks Gain Traction Over Internal Threats


External Cyber Security Risks Gain Traction Over Internal ThreatsHackers, Criminal Syndicates, State-Sponsored Attackers Top Cyber Threats

A new report recently issued by Ernst & Young LLP (EY) reveals that companies increasingly view external cyber security risks as a likely source of threat. This is a shift in viewpoint over previous years when insider threats were seen as the biggest risk. Mind you, employees are still viewed as a significant risk to cyber security but, according to the report, organizations considered the combined cyber security risk of criminal syndicates, hactivists, lone wolf hackers and state-sponsored attackers to be larger than potential attacks from employees, contractors, customers and suppliers. Executives, in fact, viewed criminal syndicates as the largest external threat, said the report. The survey included more than 1,800 C-level executives in 60 countries, which was conducted between June 2014 and August 2014.

Moreover, the report underscores the fact that as companies face increasing risks, they’re not agile enough to address unknown vulnerabilities. Executives identified the actions of careless or unaware employees as the top vulnerability, followed by outdated information security controls or architecture. Budget constraints are one factor behind the slow response. About 43% of the survey’s respondents said that their organization’s total information security budget will remain flat in the coming 12 months. Companies also say they are having trouble hiring cyber security talent to protect their systems. Fifty-three percent of organizations said that a lack of talent is a major obstacle to improving security.

Further complicating the cyber security landscape for companies is the rate in which change occurs today with new product launches, mergers, acquisitions, market expansion, and introductions of new technology all on the rise. The EY report cites that these changes ultimately have an impact on the strength and viability of an organization’s cyber security. Add to this cloud-based services and mobile computing with the use of the Internet, smartphone and tablets and you have an organization’s data accessible everywhere and increasingly more vulnerable to an attack.

Be Prepared for Cyber Attacks

The EY report goes on to encourage organizations to embrace cyber security as a core competitive capability in order to address the threats they face. This means that a business has to be in a “constant state of readiness”, anticipating where new threats may arise. Following are several recommendations from the report:

  • Remaining alert to new threats: Leadership should address cyber threats/risks as a core business issue, and put in place a dynamic decision process that enables quick preventative action.
  • Understanding the threat landscape: Organizations should have a comprehensive, yet targeted, awareness of the wider threat landscape and how it relates to the organization, and invest in cyber threat intelligence.
  • Knowing your “crown jewels”: There should be a common understanding across the organization of the assets that are of greatest value to the business, and how they can be prioritized and protected.
  • Focusing on incident and crisis response: Organizations should regularly test the organization’s capabilities.
  • Learning and evolving: Cyber security forensics is a critical piece of the puzzle. Organizations should closely study data from incidents and attacks, maintain and explore new collaborative relationships and refresh their strategy regularly.

Of course, in addition to taking these steps, part of having a robust cyber security plan is including Cyber Liability insurance, so that if and when an attack occurs, there is coverage to step in to help pay for the costs involved. Cyber Liability, also known as Privacy & Network Security insurance, can be written as part of management liability program (D&O insurance, EPLI, Fiduciary) or as a standalone policy. Coverage can be designed to cover costs related to a claim or suit involving network and information security liability, communications and media liability, and regulatory defense expenses, including fines and penalties coverage. First-party coverage is available to pay for material costs of a breach, including forensic analysis, fees to determine the nature and extent of the breach as well as notification costs. Business interruption and additional expenses can also be covered as result of a breach, depending on the policy purchased.

At Axis Insurance Services, we specialize in Cyber Liability insurance and can design a policy that addresses your company’s exposures. We work with several insurance companies that have taken the lead in cyber liability insurance product development and can help you secure a comprehensive and competitive program. Contact us at (877) 787-5258 to find out how we can help protect your organization.

Source: Ernst & Young

Comments

comments

Blogged on: November 12, 2014 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions