Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.
Confirm

    • Protect the environment. Think before you print.

Cyberthreats are on the rise. Is your business prepared?

December 11, 2018

To prepare for future cyber risks, combine risk transfer solutions with effective resilience planning.

monitoring cyber risk

By Yosha DeLong, Technical Director - Cyber

Threats posed to businesses, individuals and governments by cyber criminals are now considered to be among the most serious of global risks. By one estimate, it is projected that cybercrimes could cost over $6 trillion globally by 2021, double the $3 trillion toll in 2015.1

The nature of cybercrimes is changing dramatically. What began as simple “data hacks” soon morphed into such highly disruptive events as digital denial of service (DDoS) attacks and sophisticated malware threats. As organizations firmed up defenses, perpetrators launched new and even more disruptive attacks, such as 2017’s WannaCry and NotPetya ransomware attacks. It is not difficult to imagine future attacks targeting national power grids, transportation systems and the viability of companies large and small.

Insurance solutions may help businesses round out their cyber risk resilience strategies. Zurich recently unveiled a new Cyber Insurance Policy that brings together a suite of important coverages that can be customized to help businesses fortify their risk management strategies. But no matter what insurance solutions companies may select, risk managers, their boards and C-suites must accept that risk transfer alone is not enough. To harden against cyberattacks, companies must cultivate mindsets of cyber resilience across their corporate cultures.

I recently attended a classified federal government cybersecurity briefing conducted by the Office of the Director of National Intelligence, the U.S. Department of Homeland Security and the Federal Bureau of Investigation. It also included a post-meeting discussion led by the U.S. Chamber of Commerce with business leaders from many organizations in attendance. These individuals shared concerns about cyberthreats and discussed opportunities to improve collaboration between the government and private sector.

Participants also voiced concern regarding the cybersecurity postures of middle market organizations. Large organizations are more likely to have the most robust cybersecurity infrastructures; however, we’ve seen some of the biggest firms hit with damaging, widely publicized attacks. Middle market and smaller companies are at potentially greater risk. They face the same threats from network breaches and malware as larger organizations, but may lack the same defensive tools and resilience strategies.

Much discussion focused on the federal government’s support for the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework. The NIST Framework consists of voluntary standards, guidelines and best practices that organizations can use to manage cybersecurity-related risks. The purpose of the NIST Framework is to assist organizations in determining which activities are most important to assure critical operations and service delivery.

The NIST Framework recognizes the interconnections that may exist among companies and their customers, vendors and suppliers. Any one of those connections can become a point of entry into a corporate network for a cybercriminal. And not all defenses need to be sophisticated firewalls and anti-malware programs. Sometimes simply training your employees to utilize good password hygiene can be one of your most effective first lines of defense. The NIST Framework offers a wealth of ideas that companies should consider as they formulate cybersecurity strategies.

For more information about cybersecurity resilience, visit the Zurich Knowledge Hub.

1. Morgan, Steve. Cybersecurity Ventures. “2017 Cybercrime Report: Cybercrime damages will cost the world $6 trillion annually by 2021.” 16 Oct. 2017. https://1c7fab3im83f5gqiow2qqs2k-wpengine.netdna-ssl.com/2015-wp/wp-content/uploads/2017/10/2017-Cybercrime-Report.pdf

Related links

The information in this publication was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute advice (particularly not legal advice). Accordingly, persons requiring advice should consult independent advisors when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. We undertake no obligation to publicly update or revise any of this information, whether to reflect new information, future developments, events or circumstances or otherwise. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy.