Cyber defence demands expertise in cyber security, legal and risk transfer

Author
Reinhold Zurfluh
Published
14. September 2022

New cyber attacks on companies take place every day, and the quality, efficiency and professionalism of the attacks are constantly improving. It is quite common for a successful attack to go undetected for days, weeks or even months. Given this situation, it is crucial to invest more in detecting cyber attacks so that the company can react and cope with the worst-case scenario. In this article, you will find out why experts from the cyber security, legal and risk transfer sectors are all required.

Companies are now subject to ever-growing legal, regulatory and corporate requirements. They have to prove that they process and protect their information in an appropriate manner. At the same time, the threat from cyber criminals is on the rise. However, this is not the only reason why companies need to give cyber security the proper level of importance and to review it from time to time.

Dealing with residual cyber risks

These days, business interruption and cyber attacks are among the biggest and most significant business risks there are. Given the growing number of cyber attacks, companies need to be constantly optimising their security measures, and need to be aware that they can be hit by a cyber attack at any time. A systematic security approach is therefore the most important element of successful cyber security. Here it is essential for a company to deal concretely with the worst-case cyber scenario within a risk management framework. This provides an important basis for deciding whether the company's specific financial risk can be borne by the company itself, or whether it is necessary to transfer the risk to an insurance solution. International standards such as ISO 27001 or the NIST Cyber Security Framework offer helpful models for establishing, implementing, reviewing and continuously improving a company's own cyber resilience. Why cyber resilience is essential to corporate management has already been discussed in detail in a previous article.

Incident response needs cyber security expertise...

However, cyber resilience is much more than a high (IT) security wall, so third parties also need to be included in the cyber risk assessment. Third party management is an important step: it deals with identifying and managing the cyber risks arising from external third parties (partners, service providers, suppliers of hardware and software, outsourcing and cloud service providers, etc.). Unfortunately, even with the best security arrangements in place, it is impossible to completely prevent cyber attacks. That is why you need immediate access to external specialists, like our CSIRT (Computer Security Incident Response Team), in an emergency. Companies frequently lack the internal know-how and resources to manage a situation of this kind in a professional manner. It is therefore advisable to assess a suitable partner at an early stage and to clarify the contractual details for support in dealing with an attack in advance. After all, in the event of a security incident, it is important to minimise the damage caused, to restore the company's ability to act as quickly as possible and to strengthen its cyber security defences in the long term so that further attacks are prevented. Our Incident Response Retainer is designed to ensure that you are rapid, ready and effective. We have also created a 7-point emergency plan for you, which you can download here free of charge.

...as well as legal support

The "time" factor is crucial in the event of a cyber attack. The faster a CSIRT, and where necessary a legal response team, gets on site, the more effectively the damage can be limited. For legal support in cyber incidents, we work very successfully with our partner MME Legal | Tax | Compliance. First and foremost, this involves an initial legal assessment of the situation and assistance with urgent measures, ransom payments, compliance and sanctions, as well as clarification of and assistance with reporting obligations (GDPR; DSG; FINMA) or criminal charges (Swiss cantonal police; fedpol). A law firm's expertise is also needed to pursue claims against providers (breach of contract; damages) or to mount a defence against unjustified claims (arising from contract, liability or responsibility).
The MME Cyber Risk Response Team will help you keep a cool head (to the extent possible in a situation like this) and carefully consider your options. This will enable you to fulfil your obligations, react pragmatically and limit the damage.

Cyber security requirements for insurance protection

Cyber insurance adds value by providing assistance in all reactive phases of an attack. It complements your own security measures and thereby offers more comprehensive protection against cyber risks. However, in response to the significant increase in losses, insurers are now formulating specific cyber security requirements which companies must fulfil if they want to take out a reliable cyber policy. The essential requirements placed on companies are:

  1. Transparency across all assets (above all IT systems and the data they process)
  2. Multi-factor authentication for all remote access (e.g. when working from home) to IT systems, and for all system and domain administrator accounts
  3. Strong passwords (requirements for length and complexity)
  4. Staff awareness training on information security and cyber risks at least annually, combined with a phishing attack simulation
  5. Strict network segmentation of operational technology and/or legacy systems, (geographical) sites, organisational divisions (e.g. administration and production) and network components (e.g. wireless networks)
  6. Continual, reactive patch management (installation of critical patches must be assured within 72 hours)
  7. A solid backup strategy following the 3-2-1 rule as a minimum, including an offline or stand-alone cloud-based backup copy (for ransomware incidents)
  8. A documented disaster recovery plan that is tested annually (including backup restores)
  9. For large companies and multinationals: uniform cyber security standards across all subsidiaries.
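Three of the items above are measurable rather than organisational, so they can be checked mechanically before an insurer's questionnaire arrives. The following Python script is an added example (not from the article, and not Funk's questionnaire or tooling): it evaluates a constructed asset inventory against item 2 (MFA on every remote-access and administrator account), item 6 (critical patches installed within 72 hours of release) and item 7 (the 3-2-1 backup rule plus an offline or stand-alone copy). All account, patch and backup records, host names and patch labels are constructed sample data.

```python
"""Self-check of an asset inventory against typical cyber-insurer requirements.

Added example with constructed data. Checks:
  - MFA is enabled on every remote-access and administrator account
  - critical patches were installed within a 72-hour SLA of release
  - backups satisfy the 3-2-1 rule and include an offline/stand-alone copy
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

PATCH_SLA = timedelta(hours=72)  # insurer requirement: critical patches within 72 h


@dataclass
class Account:
    name: str
    remote_access: bool   # account can log in via VPN / remote desktop / SaaS from outside
    admin: bool           # system or domain administrator
    mfa: bool


@dataclass
class Patch:
    host: str
    patch_id: str         # constructed label, not a real advisory identifier
    severity: str         # "critical", "high", "medium", "low"
    released: datetime
    installed: datetime | None   # None = not yet installed


@dataclass
class BackupCopy:
    medium: str           # e.g. "disk", "tape", "cloud"
    location: str         # physical site or cloud region
    offline: bool         # offline, immutable or stand-alone (not reachable from the LAN)


def mfa_gaps(accounts: list[Account]) -> list[str]:
    """Names of remote-access or admin accounts without MFA (item 2)."""
    return [a.name for a in accounts if (a.remote_access or a.admin) and not a.mfa]


def patch_sla_breaches(patches: list[Patch], now: datetime) -> list[tuple[str, str, int]]:
    """(host, patch_id, hours_late) for critical patches outside the 72 h SLA (item 6).

    A patch that is still missing counts as late once its deadline has passed;
    an installed patch counts as late if it was installed after the deadline.
    """
    breaches = []
    for p in patches:
        if p.severity != "critical":
            continue
        deadline = p.released + PATCH_SLA
        reference = p.installed if p.installed is not None else now
        if reference > deadline:
            hours_late = int((reference - deadline).total_seconds() // 3600)
            breaches.append((p.host, p.patch_id, hours_late))
    return breaches


def check_backups(copies: list[BackupCopy]) -> list[str]:
    """Findings against the 3-2-1 rule plus an offline copy (item 7); empty list = compliant."""
    findings = []
    if len(copies) < 3:
        findings.append("fewer than 3 copies")
    if len({c.medium for c in copies}) < 2:
        findings.append("fewer than 2 distinct media")
    if len({c.location for c in copies}) < 2:
        findings.append("no off-site copy")
    if not any(c.offline for c in copies):
        findings.append("no offline/stand-alone copy")
    return findings


# --- constructed sample inventory -------------------------------------------
NOW = datetime(2022, 9, 14, 12, 0, tzinfo=timezone.utc)
DAY = timedelta(days=1)

ACCOUNTS = [
    Account("alice", remote_access=True, admin=False, mfa=True),
    Account("bob.admin", remote_access=False, admin=True, mfa=False),   # admin without MFA
    Account("svc-print", remote_access=False, admin=False, mfa=False),  # internal only: no finding
    Account("contractor-vpn", remote_access=True, admin=False, mfa=False),
]

PATCHES = [
    Patch("web01", "patch-A", "critical", NOW - 5 * DAY, NOW - 4 * DAY),  # 24 h: within SLA
    Patch("web02", "patch-A", "critical", NOW - 5 * DAY, None),           # still missing, overdue
    Patch("db01", "patch-B", "critical", NOW - 10 * DAY, NOW - 6 * DAY),  # installed after 96 h
    Patch("hr01", "patch-C", "low", NOW - 30 * DAY, None),                # not critical: ignored
    Patch("app01", "patch-D", "critical", NOW - 1 * DAY, None),           # deadline not yet reached
]

BACKUPS_OK = [
    BackupCopy("disk", "hq", offline=False),
    BackupCopy("tape", "offsite-vault", offline=True),
    BackupCopy("cloud", "cloud-eu", offline=True),
]
BACKUPS_BAD = [  # three copies, but same medium and nothing offline
    BackupCopy("disk", "hq", offline=False),
    BackupCopy("disk", "hq", offline=False),
    BackupCopy("disk", "dc2", offline=False),
]

if __name__ == "__main__":
    print("MFA gaps:", mfa_gaps(ACCOUNTS))
    print("Patch SLA breaches:", patch_sla_breaches(PATCHES, NOW))
    print("Backup set OK:", check_backups(BACKUPS_OK) or "compliant")
    print("Backup set BAD:", check_backups(BACKUPS_BAD))
```

The script reports two accounts without MFA, one critical patch that is 48 hours overdue and one that was installed 24 hours late, and flags the second backup set for using a single medium with no offline copy. Feeding it real inventory exports instead of the constructed records turns the insurer's checklist into a repeatable gap analysis.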


Insurers now require comprehensive, up-to-date risk information before they underwrite a policy. Our partner, Funk Insurance Brokers, has developed its own structured questionnaire for this purpose. It provides insurers with the information they want, can be completed with reasonable effort and at the same time gives you an overview of the relevant cyber security topics. On this basis, Funk can prepare a vulnerability or gap analysis together with you and assess whether additional security measures would be useful.

Cuts in ransomware payouts

Another development in the transfer of cyber risks is that many insurers are severely limiting the scope of their coverage, especially for "damage caused by or in connection with ransomware". This is due to the high frequency of ransomware incidents: over 90% of known claims relate to ransomware attacks. Consequently, some insurers no longer offer coverage for ransomware at all. Others cap their payouts for such incidents at 50% of the sum insured, or additionally require the policyholder to bear part of the loss. In practice this means that in over 90% of loss cases the full sum insured would not be available at all, only the agreed sublimit.

As you can see, cyber risks can never be completely eliminated. That is why the insurance experts at Funk have developed "CyberSecure", an innovative and individually customisable insurance cover against cyber risks. Would you like to learn more? Then get in touch with us!

Contact us now!