Protect Business From Cyber Theft (Cyber Insurance Costs)
Insurance to Protect Your Business from Cyber Theft (Cyber Insurance Costs)
There is a war between computer criminals, against businessmen and organizations. And insurers know it, so you better take the proper precautions.
We do not want to alarm you, but have you ever thought about what would happen if one morning in your business, enterprise or medium-sized company you found yourself the victim of a cybercriminal? Simply, what would happen if all the information of your customers, contacts and suppliers disappears .
Or if perhaps, an employee accessed prohibited pages and ended up opening a security breach in antivirus and patches that your company had.
In this sense, Colombia has been moving forward to offer slightly more developed entrepreneurs, businesses and companies, policies that cover them in case all these protection barriers fail.
And the above is due to the war that cybercriminals wage against companies and organizations.
Just think, what would you do if your email, almost everything handled by the internet, stops working for 30 minutes? Surely in the first 3 minutes, you would already be on the verge of collapse, you could not confirm a customer's request, you would be looking for the enraged technology leader only to complain why everything is not in order and when the answer is: 'it is that, doctor, you told us to save costs ”.
The truth is that cybersecurity, a common theme in many businesses and companies, is approached largely from the perspective of technology leaders.
In fact, the firm EY (formerly Ernst & Young) revealed in its Annual Information Security Survey that in the country, 78% of companies invest less than a million dollars a year in strategies to prevent cyber attacks.
In this report, he warns that organizations globally are more confident that they can predict and resist a sophisticated cyberattack, but their investments do not seem to keep up with the threats that are constantly emerging in this context.
“Currently we are seeking to achieve cyber resilience: feel, resist and react, without neglecting prevention, which is the most effective way to combat cybersecurity risks.
Colombian companies have understood it and progress has been made; however, the evolution of cybercrime techniques is accelerating and greater economic and technical efforts must be made to confront them and reduce their impact, ”says María Conchita Jaimes, partner of advisory services at EY Colombia.
What does the product consist of?
For some years now, insurance companies such as Sura, Zurich, AIG and Chubb have been responsible for developing insurance to protect companies and businesses from the possibility of cyber attacks .
Basically, it seeks to follow the trend in this field that is present in countries such as the United States and a large part of Europe. This scenario is described by Alfonso Chacón, manager of Placement of financial lines at Willis Towers Watson, a global insurance broker with a presence in Colombia.
"While in North America they focus on personal information, in Europe they protect themselves more against their own losses," says the expert.
In other words, in the Anglo approach the risk of losing information is more assured, while in the old continent, the focus is on what the company loses when its systems stop operating due to an attack.
The use of this product initially began to protect the data of companies that made bids with the State, where one of the conditions was the purchase of a policy to cover this risk.
Now, it is possible to obtain protection for an insured value from $ 500 million , with the payment of a premium of $ 25 million, about $ 2,084,000 per month.
From then on, risks for $ 1,000 million can be hedged, or there are even cases of financial institutions that protect information valued at $ 30 million.
"What most worries organizations is the treatment of information, followed by business interruption, because it stops receiving income and the other very relevant is the expenses associated with cyberattacks," said Chacón.
Data loss costs companies more than $ 4 million a year, and they are increasingly exposed to the risk of cyber theft.
More recent examples, such as the Wannacry attack and the threat posed by the Petya attack, which originated in Ukraine, materialize this risk.
All companies worldwide are on alert due to the cyber attack that has already affected more than 74 countries.
These computer viruses are hijacking and encrypting information on computers in exchange for ransom.
It is important to emphasize that the information of an organization is one of its main assets and that if it were lost or something happened to it, it would put its stability in serious problems, and could even be a reason for the closure of the business.
"This loss of data can be caused by multiple causes: human error, equipment damage or deterioration, accidental or intentional deletion, theft, hacker attack, not forgetting how the weather conditions can affect electrical appliances, power surges, blackouts, among others ”affirms Fredy Martínez, Commercial Manager of SATpcs, Sistemas de Alta Tecnología.
According to an analysis of the 2016 Cost of Data Loss study conducted by the Ponemon Institute, which conducts independent research on companies' privacy, data protection and information security policy, it revealed that the average of the cost of data loss in organizations increased from $ 3.2 to $ 4.3 million since 2015.
Recommendations for taking cybersecurity insurance
According to Chacón, the company or business that requires this product must take into account these recommendations:
-Fill in the insurance application form with real information. This helps to make security strengths and threats visible in order to find the best product.
-Don't let too much time go by. Many companies soon forget about the issue and consider that this attack that happened will not happen to them for a long time.
And when they need it, they see that it is more expensive and that becomes a problem.
-Hiring a trusted broker. This serves so that according to the needs of your company, you obtain the insurance that best responds to your needs and risks.
What measures should your SME take in cybersecurity?
The ESET Latin America team, a laboratory for proactive protection against technological security threats, made five recommendations that in no way can be lacking in a company, because they constitute the basis of corporate management:
1 - Antimalware software
According to the ESET Security Report 2017, almost half of companies in Latin America were infected with malware last year. And in addition, 16% described that these infections were with variants of ransomware, a malicious code that encrypts information or blocks the computer and then asks for a monetary ransom so that victims can access them again.
For these reasons, robust security software is essential in any type of security plan.
2 - Email
The mails are still the most used attack vector because it is massive and economical to spread an attack.
It is necessary to have security measures in the servers and antispam solutions. In addition, the important thing is to educate the members of the companies so that they know that they should not open files that may appear suspicious and ask themselves certain questions before clicking.
3 - Software updates
It is a fundamental and universal control for any type of company. Updates not only bring operational improvements and code corrections, but the use of old versions represents a risk, especially if it is applications used to manage the business.
If there are unpatched vulnerabilities or bugs, they could be exploited to compromise a computer or an entire corporate network.
4 - BYOD
The use of personal equipment for corporate purposes is a reality. SMEs, for budget reasons, cannot always provide their entire workforce with corporate teams for the job.
Therefore, it should be considered educating employees on how to use their equipment correctly, and investing in security solutions for such equipment, especially since they handle company data that, if compromised, can cause a incident affecting business continuity.
5 - Worry about safety
Many organizations start from the premise that the information they handle is not important but, in fact, cybercriminals start from that premise to attack those who believe they go unnoticed.
It is vital to have not only technological solutions such as an antivirus , but also a correct management of these controls and work to raise awareness among employees, who represent the weakest link in the chain.