FEATURE : CYBER SECURITY
This measurability stands in stark contrast to conventional human risk mitigation practices , simple awareness training , which can often take the form of a black hole in terms of understanding impact , and in turn , ROI . With an objective , outcomes-first approach , CISOs can both deliver security improvement and clearly demonstrate the success of the investment to the rest of the C-suite .
As threat actors get smarter about how they target employees , the onus is on organisations and their cybersecurity partners to create a strong line of defence , and the human element is a critical component . Companies that take a more intelligent , personalised approach to curbing risky behaviour will stand the best chance of safeguarding their organisations against cyberattacks , all while making more efficient use of their security budgets . p
Cyber security-insurance or cyber security warranty ?
There are two ways of securing your enterprise : cyber securityinsurance or a cyber security warranty . Both are designed to provide companies with more cyber-defence muscles , but each one fulfils a different role and comes at a very different price point .
Cyber-insurance is designed to provide the business with protection of its assets in the event of a successful cyber-attack . The goal is to cover your business with a financial umbrella and offer support throughout the recovery period after the incident . Some cyber-insurance policies and service providers also offer the business hands-on cyber security expertise from their specialists during and after an attack .
In most cases , cyber-insurance not only covers the actual claim for restoring or remediating the actual threat , but the legal costs which can be invaluable for companies that deal with highly confidential data or operate in highly regulated sectors . If your business can prove that it has done everything possible to mitigate risk prior to an attack , then this insurance will have your back .
However , if an investigation by the cyber-insurance company finds you to be negligible – that you happened to drop some cyber security balls – then they can refuse to pay the claim . Even though companies prioritise ensuring they have the right levels of risk mitigation in place , there is always the chance these are not enough .
Another option is the cyber-warranty , a product that will pay the business a set amount in the event of an incident and covers the gaps that cyber-insurance leaves behind . Often , managed security services companies will offer a cyber-warranty alongside their products as a mark of faith in their own solutions .
If your company invests in a cyber-warranty this does not exclude you from meeting specific requirements around security standards or products . Many warranties are underpinned by an agreement that specifies exactly what levels of security a customer should have in place and what types of products they should be using .
So , now what ? Do you cyber-insure or do you cyber-warranty ? Which road leads to resilience ?
The answer lies in your risk profile and budget . Cyber-insurance is more expensive and calculating the cost paid out to a company after an incident is complex . Many insurance companies are not sure what the actual cost of a breach will be or how this cost balances out against the protections they have put in place .
A cyber-warranty is built on the foundation of cyber-resilience and offers a guaranteed payment amount which is more reassuring . It just makes your business that much more resilient in the event of a successful attack , and this can make the difference between bouncing back or bouncing to the bank .
There is no reason your business cannot invest in both . Companies that complete the requirements for a cyber-warranty and have one in place are significantly lower risk than those without , and this can translate to a decent discount on their cyber insurance premiums .
Richard Frost , Head of Consulting , Armata Cyber Security
48 INTELLIGENTCIO AFRICA www . intelligentcio . com