Understand your cyber risks before selecting cyber insurance

03 August 2016

Leon Fouche, National Leader, Cyber Security

Cyber-attacks and data breaches are an increasing concern, and more discussions about managing cyber risk are occurring in the boardroom. Getting cyber insurance is often on the agenda when the Board discusses cyber risk management.

If you’re a business owner or key decision maker, there are a few key things you need to understand before you launch into choosing whether cyber insurance is right for your business, and if so, which insurance policy best suits your needs. 

Understand what risks you truly face

The cyber insurance market is evolving, and due to the lack of reliable data about cyber security trends and risks in local markets, insurance companies are constrained in their ability to develop robust risk modelling for the costs of cyber-attacks.  Many mitigate this by having restrictive terms and exclusions in their cyber insurance policies.

As a first step, make sure you undertake a comprehensive risk assessment to understand your business’ current cyber risks. The next step is to quantify these risks and model the potential impact they would have on your business.

For example, you need to understand what the financial impact would be if your organisation suffered a data breach or cyber-attack.

Make sure you evaluate risk exposures and assess whether you are comfortable with the level of risk to your business. If not, you have two options: address the gaps by implementing a cyber remediation program, or get cyber insurance to cover them.

Evaluate cyber insurance policies

The next step is to evaluate cyber insurance policies for those risks you can’t or don’t want to remediate, and select a policy that provides the cover you need.  

As a final check, validate whether the insurance policy will provide you with the required cover by looking at cyber-attack scenarios to confirm the policy would respond to claims for those scenarios.

Once you’ve selected a policy, it’s important to regularly reassess your cyber risk posture to confirm that your cyber defences and insurance policies are providing you with the required mitigation.

If you’re interested in understanding more about the challenges facing businesses like yours, take part in our in-depth industry cyber security survey.

BDO has teamed up with AusCERT, the Australian cyber emergency response team, to help the market understand the challenges businesses and organisations face in Australia and New Zealand. 

The BDO and AusCERT Cyber Security Survey is open until midnight 9 September 2016.

If you have any questions about the cyber security practices of your organisation, or how you can best protect your assets from a cyber breach, please contact me.