In our increasingly interconnected environment, there is little debate about the danger that cyber threats pose to financial systems. One need only follow the daily news to find stories of high-profile hacking incidents or the latest software security weakness.
The realisation that new schemes are constantly being devised to attack business and financial systems makes keeping up with best practices for financial risk management a necessity. Minimising and mitigating security breaches and the potential damage they pose is not only an I.T. issue, but also an administrative responsibility. One potential solution, albeit an incomplete one, is cyber insurance.
Many financial professionals are surprised to discover that their commercial insurance policies do not cover cyber security risks. If this is the case, a dedicated cyber security policy may be indicated. Unfortunately, the cyber insurance industry is still in its infancy, making scrutiny of potential coverages even more crucial than with other types of loss instruments. Lack of actuarial data and the absence of standardised cyber risk management guidelines are only a few of the obstacles facing insurance carriers in their efforts to provide adequate cyber insurance. The Department of Homeland Security and other regulatory agencies, although involved in cybercrime enforcement, must necessarily limit their role.
The buck stops at the insurance consumer, whose partnerships with public entities and other initiatives are likely to drive the business cyber protection marketplace. As with other types of insurance, affordable policy premiums are dependent upon infrastructure adequacy and internal risk management engagement. Steps to address cyber security issues within financial organisations should include:
- Education of employees at every level
- Placement and ongoing development of fundamental safeguards, such as system monitoring, data inventories, and back-up and continuation-of-business plans
- Timely reporting of major security-related incidents
- Engagement with regulators in order to understand best cyber security practices
- Understanding potential threat motivations and targets
- Analysis of data, to serve as activity indicators and determine recovery levels
Good insurance coverage can only result from accurate data compilation and analysis, as well as lowered exposure to constantly evolving cyber threats.