In the latest edition of the Knowledge we look at the evolving cyber risk landscape and tightening data protection laws and ask how risk managers and their boards can build greater breach resilience.
The days of assuming that data breaches are primarily a problem for US corporates are over. Asia-Pacific may not be as litigious an environment, but rules surrounding data protection and breach notification are becoming increasingly stringent. Asian businesses are chiefly impacted by first-party losses associated with a systems compromise. Companies with headquarters, subsidiaries or customers in regions such as the US and Europe should also be cognisant of their broader exposure.
In the meantime, ransomware attacks such as WannaCry and Petya are further evidence that cyber does not respect borders.
As organisations look to improve their data security and breach resilience, the emphasis is on taking a holistic approach, gaining buy-in from senior management and working with departments such as IT and HR.
Employees, disgruntled or otherwise,can be dealt with via training and implementing stricter controls around access to data. In Asia, the low penetration of cyber insurance reflects a feeling that it does not fully address concerns over social engineering and has been designed with markets such as the US in mind.
Meanwhile the offering evolves, with carriers underwriting more meaningful capacity as they broaden and clarify the wordings within standalone and traditional policies. The breach response packages that many insurers offer provide further resilience, offering reassurance that when the worst happens, the right experts will be mobilised to mitigate the fallout.
Click the link below to download the full report.