The globalization of business operations and our dependence on the internet for data storage over the past decade has exposed companies to a new set of risks. As this trend continues to grow, so does the risk associated with data breaches of a company’s domestic or international servers.
In 2013, more than 552 million identities were stolen via cyber-attacks and, recently, Russian hackers highjacked more than one billion user names and passwords. As technology evolves, so do the attempts of hackers to breach personal and firm-wide data servers. Consider incidents like that of the retail giant Target, and even more recently, a breach of The UPS Store and Home Depot. These massive data breaches are happening with alarming frequency and, yet, many companies are not sufficiently mitigating the risk posed by cyber threats. Would your company and customer data be protected if it were the target of a hacker?
In evaluating our clients’ risks, we believe that each company has a responsibility to focus on managing the unpredictable threats that are a result of doing business in today’s technologically advanced world and optimizing its ability to respond and recover in the event of a breach. Effectively managing cyber risk requires strategic insight and technological prowess. Cyber risks should be addressed in a three-dimensional way. As important as it is to safeguard data, many organizations’ cyber risk management processes often overlook risks outside the company’s servers and firewalls.
If your company is one of many that are considering implementation of a comprehensive cyber risk management program, below are some steps that we would recommend taking in order to accurately evaluate cyber risk:
- Be proactive rather than reactive. Establish policies and procedures to manage data security within your organization before a breach forces you to act. Identify potential weaknesses and fortify them.
- Hold people accountable. Expand the responsibility for data security to encompass all levels within the organization, and create a culture where data security is a top priority.
- Minimize the opportunity for a breach. Take steps to limit the number of users with administrative access to secure systems that house sensitive data, and protect your network and IT infrastructure appropriately.
- Cover all of your bases. Consider purchasing cyber risk insurance to cover any potential financial loss your company may face if its data was breached, and have a response plan in place.
Executing these steps to manage cyber risk is a crucial piece in establishing any enterprise risk management (ERM) program. If you already have an ERM framework in place, ensure cyber risk is part of it. If you don’t currently utilize an ERM system, consider implementing one. A successful ERM program comprehensively manages your company’s risks, including cyber risk. It is important that those companies that may fall victim to cyber-attacks can respond in an effective and efficient manner which would, in turn, minimize loss and other fallout of a data breach.
Click here to request more information about The ALS Group or cyber risk coverage.