Cyber Security
Cyber Insurance: Is it time to start the conversation?
By Meera Wahi
Australian Security Magazine

Businesses are investing in security to manage cyber risk. They wish to safeguard the digital boundaries of their enterprises to prevent external agents from finding a way through their cyber defences. External agents, on the other hand, are continuously trying to access the digital networks, assets and transactions of businesses for malicious gains. Such attempts, classified as cyber incidents, are unauthorised, uninvited and unlawful, and frequently successful.

Businesses embrace digital technologies for their increased efficiency over dated alternatives, as well as to provide greater value propositions for their customers. However, despite these benefits, acceptance of the risks and liabilities that come with operating in the digital world is necessary, and is only now taking place. In this process, general security measures are implemented, usually starting with firewalls, anti-virus software, cloud and email security, data encryption, and cloud storage. Additionally, there are NIST framework and compliance, PCI compliance, penetration testing, patch management practices, regular password management, and staff training.

The approaches above contribute to operational resilience and, in conjunction with the implementation of business continuity planning and incident response, the enterprise believes it has fulfilled the criteria of fiduciary responsibility and self-sustainability.

Privacy

With the digital world comes customer data, big data and analytics. In implementing digital strategies to target and understand these data subsets, businesses continue to collect large amounts of third-party data from multiple sources. The gain is insight into customer behaviour, and behavioural data that helps corporations serve consumers more effectively. Data comes with obligations to protect the privacy of personal data and consumer identity, as well as the privacy of digital storage, sharing and/or disclosure of data. If these obligations are not met, businesses can be held liable for privacy breaches, with the consequence of regulatory fines.

Risk Management

Having summarised current concerns of operating in the digital world, let us visit cyber risk. Cyber risk, like other risks, must be measured and managed. Risk can be managed either through elimination, mitigation, transfer – or by acceptance. How are businesses managing cyber risk? Due to increased investment, cyber security controls are becoming more sophisticated. However, cybercrime and other cyber incidents are increasing as well. Cyber risk cannot be eliminated entirely, yet ongoing