What in the Heck Is Cyber Risk Assurance?

Cyber risk assurance is a combination of two concepts rather than a product.

Nearly everyone would agree that businesses and other organizations face cyber risks. You can’t read a paper or magazine, watch a national newscast or listen to the radio without getting information about the latest computer security breach. The problem is global and expanding.

Losses, which now surpass the world’s illegal drug trade, can be catastrophic to organizations that suffer a security incident. Database hackers, for example, can steal personally identifiable information (PII) of customers and make it available to criminal gangs and identity thieves. They, in turn, can sell the confidential information on the streets. Criminals can then open charge accounts, make illicit purchases, gain access to private bank records or possibly do something worse. The company that is the target can face liability lawsuits, loss of business, a damaged reputation and in some cases government fines.

The bad news just keeps on coming. Information security breaches are becoming more sophisticated and numerous. Law enforcement isn’t able to help and is way behind the curve. Malicious cybercriminals risk very little when perpetrating their illegal activities. They can reap high rewards.

Brace yourself, however, because things are going to get worse. The number of Internet addresses that can be assigned has dramatically expanded. The Internet’s original addressing scheme (IPv4) provided for roughly 4,200,000,000 (or 4.2 billion) unique end points. The newer structure (IPv6) will provide a trillion, trillion addresses (or 340,282,366,920,938,000,000,000,000,000,000,000,000).

That is a lot of Internet addresses!

Computing devices and other digital signal processors, all with Internet access, can be placed in virtually anything, such as home appliances or machines on the factory floor. Each address is subject to malicious cracking. The rush is on to do so. That reality spells real trouble.

What can an organization do?

A business or other organization must adopt cyber risk assurance as a business process. Doing so would immediately provide protection from possible loss and damage due to a cyber attack on an organization’s information infrastructure (records, networks, and costs associated with the aftermath of a computer security breach).

Adopting cyber risk assurance practices merges two important concepts. The first involves deploying what is known as “security best practices” throughout the company. Typically, experts explain this dimension as providing for regular “computer security awareness” training for everyone in the company. The second aspect of cyber risk assurance involves the company transferring any possible financial losses to a relatively new product called “cyber risk insurance.”

Merging industry-standard security best practices with a custom-designed cyber risk insurance policy can potentially provide a company with the best possible scenario in the face of mounting cyber threats.

Experts know that perfect information security is impossible. But a company or other organization can improve the chance of preventing a successful attack by following a systematic process designed to block attempted intrusions. Cyber risk insurance can help offset any financial losses that might “get through” the organization’s security plan.

Are you prepared for the consequences of a successful cyber attack? Would you be able to demonstrate to the courts that you practiced due diligence and weren’t negligent? If you can’t answer yes to both questions, you are at risk.

Source by William G. Perry, Ph.D.

