Risk Managers Struggle With Cyber Security
Cyber attacks have become an almost daily event affecting all sizes and types of businesses — and many businesses still struggle with information security deficiencies and common security weaknesses that can elevate their risk for data breaches.
In its “2014 State of Risk Report,” which surveyed 476 information technology and security professionals located in more than 50 countries, Trustwave found that one in five businesses (21 percent) do not have data breach incident-response procedures in place and about the same share (20 percent) do not have a process that enables reporting of security incidents.
It also found that more than three in five businesses (63 percent) do not have sophisticated methods to control and track sensitive data and that fewer than half (49 percent) fully encrypt stored sensitive data.
“Businesses must look at security as an imperative,” said Michael Aminzade, vice president of global compliance and risk services at Trustwave, in Reston, Va.
“Understanding their risk level is the first step. By identifying their largest security shortfalls and rectifying them, businesses can stay ahead of the criminals and decrease their risk of getting breached.”
As for the insurance industry, A.M. Best identified cyber security as one of the most serious emerging risks facing insurers in its report titled “Cyber Security Presents Challenging Landscape for Insurers and Insureds.”
“These discussions will get increasingly more robust in 2015 as the insurance industry continues to ‘peel the onion’ on this evolving issue,” said Fred Eslami, a senior financial analyst at A.M. Best in Washington, D.C.
He added that it involves not only identifying general underwriting processes, the number of policies, types of coverage, policy forms, and limits and exclusions, but also how insurers manage and mitigate the many cyber risks and the ever-increasing threats of cyber-attacks on their own companies.
A.M. Best found that just 10 percent of respondents said they had a dedicated cyber security policy, while another 10 percent said they bundled such coverage with errors and omissions, property/business interruption and general liability policies.
Nearly three in 20 (13 percent) respondents admitted that their companies had been targets of data breaches or cyber attacks.