President Obama recently delivered a high-profile speech in Silicon Valley to tech industry executives, calling for closer cooperation between organisations to help defend each other against the threat of cyber-attack.
This marks an interesting change in direction in terms of government advice for organisations looking to defend against cyber-attacks. With the Sony breach continuing to cause damage for the company, Obama’s statement to move cyber security to the top of his 2015 agenda speaks volumes about how serious the threat is.
Most organisations that deal with any form of sensitive or valuable data will know the importance of protecting their business. But many perhaps won’t appreciate the many different means in which a breach can impact a business. A breach of data is one thing, but as we saw with Sony, the repercussions can be far reaching, in its case resulting in the resignation of one of the top executives that was implicated in the email leaks.
Obama’s comments that organisations should share knowledge and best practise are welcome as this is one of the only ways in which to thwart attackers. It is impossible to fully protect a network, and so the more steps you can take to minimise a breach once it has happened, the better.
From an insurance perspective, working with experienced partners to help mitigate business risks is a tactic that has been around for years. The use of warranties as a means of ensuring good moral hazards is particularly common within cyber insurance as it encourages just that; good practise and behaviour amongst organisations in order to prevent cyber breaches occurring.
Working with strategic partners is important at every stage of defending against cyber-attack as there are a number of tactics that can be used prior, during or after a breach.
Prevention, such as firewalls or employee education, is always preferable to cure but organisations should always prepare for the worst case scenario – engaging partners such as forensic IT consultants or data recovery providers.
So why should organisations consider working with external partners from an insurance perspective? One of the key reasons is to help achieve better premiums for more extensive cover; insurers will look favourably on organisations that have taken the most appropriate steps necessary in order to both prevent a breach and minimise the impact should a breach happen.