AIG’s Asia Pacific professional indemnity and cyber manager Matthew Clarke lists his top five cyber tips for risk managers
Sophisticated risk managers are well aware of the increasing level of risk posed by cyber crime. Add to this a dynamic background of legislation and regulation, privacy protection and consumer scepticism, and even the most forward-thinking of risk managers may need to pause to catch their breath. These exposures are now too extensive and serious for risk managers to tackle on their own; tackling them requires the full engagement of senior management and, more critically, the board of directors.
There are some simple steps risk managers can take to manage the exposure and mitigate the potential impact of a cyber-attack. It is an obvious starting point, but the first step is to understand your company’s exposure. What information does the company hold that is critical to its day-to-day operations? Where is it stored and with what security? If you use ‘cloud’ computing, where is the cloud physically located? Do you keep personal information about customers and staff? Credit card details?
The second step is to get buy-in from your employees. They can be your greatest defence or your Achilles heel. Employees are still one of the most common sources of a data breach. Educating employees on the responsible and effective management of data and how to recognise cyber threats will be one of the best investments a company can make.
The third step is to do the basics. Make sure your company is not the ‘low-hanging fruit’ for opportunistic attackers. Deploy anti-virus software and install firewalls. Importantly, keep them up to date. Encrypt all data, particularly mobile data (laptops, smart phones etc.).
The fourth step is to instigate a business continuity plan. How would your business perform if you could not access your data? What processes would need to occur to get the business back onto its feet? Once you have built a business continuity plan, test it. Refine the plan based on the results and test it again.
The last step is to talk to your insurance broker or advisor. The proliferation of cyber liability policies in the market and the broad covers they provide are an excellent safety net in the management of cyber exposures. They will help ensure that the weaknesses in your system are identified, provide you with the immediate support you need should an attack occur and help get your business back up and running at full capacity as quickly as possible.