This is according to Charl Ueckermann, CEO at AVeS Cyber Security, who says while companies have survived decades without cyber insurance, it is now becoming a must-have for effectively navigating increasing and evolving cyber threats.
Ueckermann shares insights on cyber insurance and also how to implement cyber insurance to avoid unnecessary costs as well as focusing on the right capacity for managing security gaps not covered by cybersecurity measures, and more importantly, for surviving a cyber incident.
What exactly is cyber insurance?
It is tailored business Insurance that will cover you against the risk in case of a Cyber Incident – The Insurance can cover the following: Recover your data to a useable state, PR for Reputational communication and Legal fees against litigation cases.
What is the biggest mistake companies make when it comes to cyber insurance?
They don’t know for how much Rands to insure as data is not a line item on the company’s balance sheet.The Company’s Cyber Risk Index (CRI) will depend on Industry, size of the business and cybersecurity maturity level.The rule of thumb is R1m for a SMB, R16m for a midsize business and R40m for a larger enterprise or R2,000 per Record (if a company has a 1000 client’s records, R2000 * 1000 + R2 million minimum).
Before considering cyber insurance, what should be in place in your organisation?
How should cyber insurance be implemented to be most effective?
Firstly, do a cybersecurity risk assessment. Then, adopt an IT Governance framework so you invest in the right IT at the right time. This will both reduce your risk and prevent unnecessary spend on technology.
Can companies go without cyber insurance?Sure, you can - providing you have a high-risk appetite and a mature cybersecurity framework in place.
How can you lower the cost of cyber insurance in your organisation?
Do a cybersecurity risk assessment and be pragmatic about the amount of insurance cover you take out.
