Having an insurance policy is readily understood as a necessity to protect valuable items such as a home, car, or your health. It is an element in life that requires a financial cost that may never be used but is invaluable when needed. It is a safeguard for what is deemed valuable. The same idea is beginning to take hold in government as they look to protect valuable data from cyber attacks. Stanton Gatewood, a former Chief Information Security Officer, discussed the value of cyber insurance during recent webinar.
With the rise of technology and vast amounts of data communicated and stored online, insuring your privacy and security should be considered to protect against ransomware attacks or other cyber threats. Gatewood noted that many people might have doubts about investing in cyber insurance, since it is “to protect something you cannot touch and [to insure] [you] from people [you] cannot see.” For state and local government leaders with limited resources makes such an investment may be hard to justify.
However, with what is at stake, should state and local cyber leaders reconsider and make cyber insurance a primary investment?
More than just a policy, the process of obtaining cyber insurance requires several steps. Gatewood breaks cyber insurance into three steps: awareness, preparedness, and resilience. Gatewood states that “cyber insurance has pushed us to a new level of standard.” This standard is setting your organization up with a good program that is both user aware and situationally aware. By preparing all of the hardware, software, and applications, it is crucial to know where your information is at all times. The final piece is to have the resilience and ability to mitigate attacks, like ransomware, and bounce back. It is because of cyber insurance that businesses are “much more aware, much more prepared to protect and defend the information,” said Gatewood.
While cyber insurance should have been part of an agency’s cyber toolbox for many years, the reality is that most are just beginning to explore the concept as well as the costs and benefits. But, as Gatewood pointed out, “cyber securityis a process not a product.” And, in the end, there is a lot of value to be had in the beneficial process of analyzing the company’s assets and liabilities even if the company does not end up buying the insurance.
To find out more about cyber insurance and how to safeguard your business, watch the webinar.