Businesses are beginning to shift their focus from cyber attack prevention to dealing with the aftermath of a cyber attack.
Tim Stapleton, vice president and cyber insurance product manager for overseas general insurance at Chubb, revealed that the move from a front to back-end approach is impacting the cyber insurance market.
“No company is going to be 100% hack proof,” Stapleton told Insurance Business
“There are no systems that cannot be penetrated and I think that is why we are seeing shift from the focus to on front-end defence measures in most of these companies, to more of an approach about how do we prepare for and respond to and mitigate the impact of an attack on our system.
“That is where we are seeing a bit of a difference in the controls that companies are implementing and the things that they are focusing on from a risk management perspective. It’s a shift from the front-end to the back-end.”
With the likelihood of cyber attack ever increasing, Stapleton said businesses should start a cyber attack response plan with a risk management focus and look at the “crown jewels” of their business and work from there.
Once identified, businesses need to bring together leaders from all areas of the company, alongside experts from external sources such as law firms, PR firms and forensic investigators, to help deal with the varied fallout from an event. The PR element in particular cannot be ignored.
“You look at the reputational impact of it and that is why it is very important to work with a third party public relations firm to try to control and stem the reputational damage that could result from one of these types of attacks,” Stapleton continued.
“The fallout could go to customer churn or a decrease in stock price or just the general value of the company. It is more of a long-term reputational impact and that is why it is very important that companies realise that.”
Stapleton noted that the threat landscape for cyber attacks continues to change, but there is one key trend emerging.
“What we and our vendors are seeing a bit more of are things around APTs or advanced persistent threats,” Stapleton continued.
“Nation-state backed types of attacks that are more targeting intellectual property, research and development information that companies might have on hand, mergers and acquisitions information on upcoming transactions. It’s the things that people could use to compromise the transaction or giving a competitor a leg-up.”
Big business worried more about data loss than hackers – survey
Cyber insurance market opens industry to disruption