Cyber resilience key to insurers’ response

Lauren Kornutick, solutions manager, compliance, Fusion Risk Management, explains that businesses need to address their cyber resilience amid expectations that the rise in cyber attacks last year is only set to continue.

2021 brought a year of record cyber breaches. With high-profile attacks hitting the headlines, from the Kaseya attack and the Colonial Pipeline Company shutdown to the Schreiber Foods hack, where one of the largest cheese producers in the United States closed for days after hackers compromised its systems, causing a nationwide cream cheese shortage, risk and compliance have become a key boardroom priority.

The recent increase in supply chain attacks means time is running out for businesses to implement a robust cybersecurity framework. There are no second chances when it comes to cyber preparedness. Organisations must adopt a holistic approach to resilience with ESG integration and be proactive in making all business decisions with resilience in mind.

ESG and cybersecurity in risk modeling

The increase in cyber security attacks has driven a more stringent underwriting process, which has led to a maturing of the cyber insurance market and seen insurance companies demanding much more from organisations when it comes to risk mitigation. 2021 witnessed a high number of large-scale, devastating cyberattacks that rendered services inoperable for some time, while the victims of the attacks suffered severe financial loss, and it has since left some customers deemed “uninsurable” because of poor cyber-hygiene. In 2022, businesses can expect to experience greater accountability in minimizing risk, as underwriters have grown a lot more aware of what kind of risk controls make effective cyber programs.

Businesses will need to evidence to the cyber insurance provider that they have robust and structured processes and policies to prevent a breach as much as possible. For example, cyber insurance underwriters now expect businesses to adopt multifactor authentication within their IT environment, an updated patch management program, air-gapped and encrypted backups, and employee awareness and phishing simulations, among other strategies.

Customers, employees and investors are increasingly holding companies to account for their ESG practices around equality and diversity, for example, and climate change. Companies are expected to act morally and responsibly to support the broader objectives of their local community and the wider world. As with cyber insurance, insurance companies have linked the strength of ESG programs to predictors for risk and placed increased scrutiny on these programs. At the same time, there is increased momentum around the role of ESG in financial disclosures. For instance, the House of Representatives in the United States recently passed legislation that, if signed into law, would require companies to report ESG metrics. In Europe, SFDR regulations continue to evolve.

As we enter 2022, businesses will need to fully understand the ESG issues that affect their company and embed them into their risk management and business operation framework. They will need to ensure ESG policies and procedures are integrated into their culture, systems and processes and be wholly transparent in their ESG approach through structured ESG reporting.

The key component: operational resilience

Resilience is not just about overcoming a disruption or managing to operate in the face of multiple unexpected events outside of an organization’s control – it means so much more than that. Organisational resilience is about proactive organisational decision making, and this involves incorporating the separate functions of governance, risk, and compliance alongside other business functions into a business’s objectives.

Next year, we’ll see business leaders focus on creating smarter, more resilient ecosystems. Third-party partnerships will be necessary to this, too, with leaders placing third-party management at the centre of strategic risk and operational planning and modeling.

While reputational risk has always been a concern, it has been hugely amplified in the last 12 months. Leaders realise that if an incident does occur, they need to demonstrate that it has not resulted from their organisation’s culture or values. They need to minimize any reputational damage that a data leak or cyberattack can cause.

Organisational resilience is not just something you do once and it’s done, box ticked. It’s a lifelong living, breathing, ever-evolving process that does not occur overnight. We’re all learning together about the right and appropriate approach to risk and resilience, and the journey is never really finished. It’s about creating a strong sense of organizational priorities and purpose and mobilizing stakeholders, employees, investors, customers to personify this and truly deliver a robust and relevant business model with risk and resilience at the center of the methodology.
