Security: Here today and gone tomorrow
Article information and share options
It only takes a minute to send a computer virus off into cyberspace. In fact, it only takes a click to download something that will later come back to haunt you.
When operating in such a risk environment, the word "secure" must always be qualified. In cyber speak secure means there is no evidence of any incident and all the systems are running normally. It is anything but an invitation to rest on your laurels and assume that because your security policy has worked until now, it must be good enough.
Policies and regulations are merely guidelines, they don't keep pace with the latest threats. There is no substitute for vigilance in cybersecurity. There is a gap in your defences and you need to find it before the hackers. Ideally, your company will have continuous monitoring capabilities to single out any unusual behaviour, such as attempted access from other countries or data traffic.
It's also important to conduct regular penetration testing for vital assets. If you don't have the resources to do that in-house, team up with an external partner. There are companies that specialise in seeing how far they can penetrate your defences with their "ethical hacking" services.
Pooling information is another valuable means of gaining an up-to-date risk overview. If you consult the shared database regularly, you can measure the incidents recorded there against your own experiences and identify where you need to improve.
It takes commitment from top management to give security arrangements the attention they deserve. It can be challenging to obtain that, as the business case for increasing the security budget is hard to break down into figures. However, that will change as cyber risk assessment becomes more sophisticated. Managers will also become more understanding, as the scale of the threat grows clearer.
A data breach doesn't mean game over. After a cyber-attack we get you back in business.
Learn more about our Cyber insurance solutions.