Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.
Confirm

    • Protect the environment. Think before you print.

Sound cyber security practices start with good planning

October 16, 2017

It’s not so much a question of if it will happen, but when it will happen.

server blue wires

Data breaches and cyber attacks continue to plague organizations worldwide. A recent report from Lloyd’s of London found that a single cyber attack on a major cloud service provider could hypothetically cause an economic loss as high as the cost of Superstorm Sandy in 2012. We are a culture that increasingly relies on technology and devices. Whether it’s to entertain, do business or connect with people — we are all users of technology and we are all at risk.

Information security and privacy liability have been discussed at great lengths in several forums, but the same core principle of risk management still applies: have a plan for when a breach happens because any data in the care of your business can be at risk. This is why it’s important to build a culture of awareness within your organization to ensure effective escalation and timely response. A few quick planning steps to consider:

  • Know what data is managed or accessible by third-party vendors and understand the controls they have in place.
  • Have third-party vendors for notification and credit monitoring lined up.
  • Be sure you have a strong communications plan set up, either through your own public relations firm or a third-party, and develop a statement addressing the situation and how it is being handled.
  • Have an FAQ website ready to launch where victims can get answers.
  • Be sure to consult with peers on how they are preparing or how they have handled a breach situation. Find out what consultants they used. If they’re good, you may want to consider placing them on retainer – ready to go into action if a breach occurs.
  • Perhaps most importantly:  maintain in-house communications. Make sure your team includes general council, the risk manager, the supply chain manager, public relations, operations, IT – make sure they’re all talking to one another to ensure no efforts are being forgotten or wasted.

Security & Privacy Insurance: Building a culture of awareness

Taking preventative measures is critical to preventing the risk of a data breach. However, there is no guarantee that those risk measures will prevent the threat. Being vigilant in testing and protecting your data may be the best form of risk management.

This is especially true if you have a third-party vendor retaining data for you. You need to make sure that they have processes in place to secure that data. If they have a breach, your company will not be absolved of your responsibility because they were the ones managing the data. You still may be held liable for the vendor’s negligence and be responsible for notifications.

So how can insurance help? Insurance can help businesses manage the evolving risk and financial impact of data breaches.The coverage is evolving as new scenarios and attack vectors emerge, so building a strong relationship with an insurer and broker who specialize in this space is essential to understanding coverage options for your exposures. Is your business being proactive in the war on data? What steps are you taking to make sure your information is protected?

The information in this publication was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute advice (particularly not legal advice). Accordingly, persons requiring advice should consult independent advisors when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. We undertake no obligation to publicly update or revise any of this information, whether to reflect new information, future developments, events or circumstances or otherwise. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy.

Related Industries

Technology

Related products and solutions

Cybersecurity and privacy