Cyber resilience key to insurers’ response

Lauren Kornutick, solutions manager, compliance, Fusion Risk Management, explains that businesses need to address their cyber resilience amid expectations that the rise in cyber attacks last year is only set to continue.

2021 brought a year of record cyber breaches. High-profile attacks hit the headlines, from the Kaseya attack and the Colonial Pipeline Company shutdown to the Schreiber Foods hack, where one of the largest cheese producers in the United States closed for days after hackers compromised its systems, causing a nationwide cream cheese shortage. As a result, risk and compliance have become a key boardroom priority.

The recent increase in supply chain attacks means time is running out for businesses to implement a robust cybersecurity framework. There are no second chances when it comes to cyber preparedness. Organisations must adopt a holistic approach to resilience with ESG integration and be proactive in making all business decisions with resilience in mind.

ESG and cybersecurity in risk modeling

The increase in cyber security attacks has driven a more stringent underwriting process, which has led to a maturing of the cyber insurance market and seen insurance companies demanding much more from organisations when it comes to risk mitigation. 2021 witnessed a high number of large-scale, devastating cyberattacks that rendered services inoperable for some time, while the victims of the attacks suffered severe financial loss, and some customers have since been deemed “uninsurable” because of poor cyber-hygiene. In 2022, businesses can expect to experience greater accountability in minimizing risk as underwriters have grown a lot more aware of what kind of risk controls make effective cyber programs.

They will need to evidence to the cyber insurance provider that they have robust and structured processes and policies to prevent a breach as much as possible. For example, cyber insurance underwriters now expect businesses to adopt multifactor authentication within their IT environment, an updated patch management program, air-gapped and encrypted backups, and employee awareness and phishing simulations, among other strategies.

Customers, employees and investors are increasingly holding companies to account for their ESG practices around equality and diversity, for example, and climate change. Companies are expected to act morally and responsibly to support the broader objectives of their local community and the wider world. As with cyber insurance, insurance companies have linked the strength of ESG programs to predictors for risk and placed increased scrutiny on these programs. At the same time, there is increased momentum around the role of ESG in financial disclosures. For instance, the House of Representatives in the United States recently passed legislation that, if signed into law, would require companies to report ESG metrics. In Europe, SFDR regulations continue to evolve.

As we enter 2022, businesses will need to fully understand the ESG issues that affect their company and embed them into their risk management and business operation framework. They will need to ensure ESG policies and procedures are integrated into their culture, systems and processes and be wholly transparent in their ESG approach through structured ESG reporting.

The key component: operational resilience

Resilience is not just about overcoming a disruption or managing to operate in the face of multiple unexpected events outside of an organization’s control – it means so much more than that. Organisational resilience is about proactive organisational decision making, and this involves incorporating the separate functions of governance, risk, and compliance alongside other business functions into a business’s objectives.

Next year, we’ll see business leaders focus on creating smarter, more resilient ecosystems. Third-party partnerships will be necessary to this, too, with leaders placing third-party management at the centre of strategic risk and operational planning and modeling.

While reputational risk has always been a concern, it has been hugely amplified in the last 12 months. Leaders realise that if an incident does occur, they need to demonstrate that it has not resulted from their organisation’s culture or values. They need to minimize any reputational damage that a data leak or cyberattack can cause.

Organisational resilience is not just something you do once and it’s done, box ticked. It’s a lifelong living, breathing, ever-evolving process that does not occur overnight. We’re all learning together about the right and appropriate approach to risk and resilience, and the journey is never really finished. It’s about creating a strong sense of organizational priorities and purpose and mobilizing stakeholders, employees, investors, customers to personify this and truly deliver a robust and relevant business model with risk and resilience at the center of the methodology.

