Cyber-attacks, such as those being suffered by some of the leading insurance companies in the Spanish market, as well as city councils, public bodies, private companies and individuals, are occurring regularly and systematically with major repercussions, both nationally and internationally. This is because there is an organized criminal movement in the digital world, which is attracted by two main assets: on the one hand, money, by stealing directly, and on the other hand, data, an easily monetizable asset and very attractive to be stolen and used for non-legitimate purposes.
Today, all organizations aspire to improve and increase their level of digital security, with the aim of covering the entire company and its customers. This is a legitimate objective; but it is not realistic because the security of the company is fallible, as a consequence of the historical vulnerability of the components that make up the organization (processes, systems...), so the cyber-risk policies that companies take out must provide coverage for these vulnerabilities. And the success of insurers will be to quantify the risk associated with these shortcomings.
Faced with this situation, what should insurers do to guarantee the security of their clients' and companies' data?
First of all, it is essential that digital access and connections are optimal, as well as guaranteed.
In addition, it is important to be very clear that security is a function of people, processes and technology. Only leading with one of these dimensions is doomed to failure.
Hence, recommendations include maintaining investment levels in digital security; continuing to develop internal resilience, raising awareness among executives and generating commitment among employees, and also accepting new work models and technologies based on cloud, machine learning, etc., which, although they may increase risk, allow operations to be optimized and reach customers more effectively.
In this sense, the new policies should be a gateway to cybersecurity in companies, so that, through collaborations with specialized companies, they can help their clients to correctly assess their level of risk and draw up improvement plans. In the end, knowing what you want to protect is essential to do it correctly. Taking out a policy is a good time and a good opportunity for reflection, where various company stakeholders can intervene, from the most technical to those with a clear business perspective.
Companies must work to prevent intrusions and know how to respond when they occur. The reputational damage of a poorly managed intrusion can destroy a company. If we review some illustrative figures we see, for example, that 1,370 cases of security breaches were declared in 2020 in Spain, tripling those of 2018 according to the AEPD, and 62% of companies with more than 1,000 employees, admitted that in the past year they suffered more attacks, than in previous years. Clearly, it is necessary to do your homework and be as well prepared as possible to face a probable incident.
News Source: Adn del seguro 29/4/21