BlueStone Advisors has experts in the field of Cyber Risk Management and Insurance. Whether or not an insurance policy is procured, best practices should be implemented before a loss to reduce the probability and severity of an event.
Step 1: Gain a Holistic Understanding of Firm Risk. Work with a network security/cyber liability expert to determine the firm’s risk profile and exposure to a cyber event.
Step 2: Understand the Financial, Reputational, and Brand Impact. In 2014, the average cost for Legal Defense was $698,797 and the average cost for Crisis Services was an additional $366,383. Costs following a cyber event can include:
- Notification expenses
- Legal defense and counsel
- Public relations
- Crisis services
- PCI fines and penalties
- Regulatory defense
- Regulatory fines
- Insurance Cost
Step 3: Put the Right Resources in Place. Identify a cyber security and breach response team, inclusive of outside counsel, forensic and investigative consultants, insurance brokers, and public relations.
In 2014, 24% of all data breaches arose from staff mistakes and rogue employees. Pre-loss mitigation training and education can work to reduce the threat of cyber breaches originating from internal mistakes.
Step 4: Continuous Risk Evaluation. Work to establish a sustainable risk process to address the next big risk before it affects your business. Discuss and prioritize risks and external threats that could endanger earnings, reputation and the brand. An organization’s risk profile and appetite for taking on risk can evolve over time. Be certain to correlate the risks with the organization’s ability to address them.
While a breach seems inevitable for most companies today, the costs of a breach can be mitigated by an organization’s cohesive preparedness for the breach event.