Risk assessment the first step to selecting the right cyber insurance

02 August 2016

As companies look to mitigate the growing risk of cybercrime, a leading cyber security expert said decision makers should complete a comprehensive risk assessment before making any insurance decisions.

Leon Fouche, Partner and National Leader of Cyber Security at advisory firm BDO, said that while cyber-attacks and data breaches were an increasing concern, selecting the right cyber insurance policy to help manage the risk could be more complicated than first thought.

“We are seeing discussions about how to manage cyber risk starting to get momentum in the boardroom, and that is entirely appropriate,” Mr Fouche said.

“If you are a business owner or key decision maker, you need to first understand whether cyber insurance is right for your business, and if so, which policy best suits your needs.  To achieve this, you need a thorough understanding of what risks you truly face.

“The cyber insurance market is evolving, and due to the lack of reliable data about the cyber security trends in local markets, insurance companies are limited in their ability to develop robust risk modelling for the costs of cyber-attacks.

“They mitigate this by having restrictive terms and exclusions in their cyber insurance policies.”

Mr Fouche said there are a number of steps businesses could take to help understand the risks and the cyber insurance coverage required.

He said the first step will be to undertake a risk assessment to understand a business’ current cyber risks, then quantify these risks and model the potential impact they would have on the business.

“For instance, you need to understand what the financial impact is if your organisation suffered a data breach,” he said.

“Make sure you evaluate risk exposures and assess whether you are comfortable with the level of risk to your business — perhaps you need to get cyber insurance to cover this.

“Then, evaluate cyber insurance policies for those risks you can’t remediate, and select a policy that provides the cover you need.  As a final check, you need to validate if the insurance policy will provide you the required cover by looking at cyber attack scenarios to confirm that the policy would respond to claims for those scenarios.”

Mr Fouche said that once a policy was selected, it would be important to implement a security risk remediation program to address the gaps, and to apply cyber incident detection and response processes that allow effective responses to cyber incidents when they happen.

BDO has recognised the fast-changing landscape in the cyber security space, and in a bid to help the market understand the challenges businesses and organisations face, it has teamed up with AusCERT, the Australian cyber emergency response team, to conduct a new in-depth industry cyber security survey.

AusCERT General Manager Thomas King said benchmarking was an important step in getting cyber security right.

“This survey will help to identify current cyber security trends, issues and threats facing businesses in Australia and New Zealand,” Mr King said.

The BDO Cyber Security survey opens today and will be open until midnight September 9.