Protecting the "crown jewels"
Article information and share options
The US National Cyber Security Alliance has found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber-attack.
The most important question you have to answer when reviewing cyber security is: where are the assets that we cannot afford to lose? These assets could be sensitive data or product-related information, anything that is the lifeblood of your business.
The next step is to identify ways in which such assets could be compromised. Those are the key action points, which make all the difference to your resilience against a cyber-attack. Broadly speaking, the vulnerabilities will either be external or internal to your company.
The external incidents are the ones you tend to hear about in the media. As a result, people are more aware of them. The external threat will always be a feature as no system can remain in splendid isolation forever. Therefore the aim is to add extra security layers to vital assets and carefully monitor their interaction with the outside world, including your other systems.
As regards the internal risk, it can arise either from error or malicious intent. Implementing the four-eye principle goes a long way towards eliminating both these risk types. This may seem rather laborious in practice when a user always needs to involve another person to access critical data. However, as always it's a cost/benefit issue. What is the real cost of using two people instead of one for a task when compared to the potential loss of not doing so?
Cyber security is such a broad concept that it can be a challenge to decide where to start. The logical approach is to start with the worst-case scenarios and work back from there. This may sound obvious, however a corporate cyber security survey conducted by Swiss Re and IBM® revealed that only 20% of respondents had actually analysed their vital information assets and processes.
Have you identified your crown jewels? How secure are they?
A data breach doesn't mean game over. After a cyber-attack we get you back in business.
Learn more about our Cyber insurance solutions.