Every organization today is at risk of a data breach, with each company looking to protect against and manage breaches effectively. Most are trying to balance both proactive and reactive cyber security measures, which involves looking to prevent the next data breach while also preparing for when a breach occurs so they can respond quickly and intelligently. In a recent report by Advisen sponsored by ID Experts, Mitigating the Inevitable: How Organizations Manage Data Breach Exposures, there were several important takeaways that will assist you in helping clients assess how their proactive and reactive cyber security measures stack up. The report is based on a survey of more than 200 risk professionals in industries ranging from healthcare to government and professional services.
- Does the client truly recognize the risk of a cyber attack? The report found that 80% of organizations surveyed are concerned about the consequences of a large public data breach. If an organization has yet to recognize this new normal in cyber risk, it’s likely that the company has fallen behind in defending against and preparing for the next data breach.
- Is the organization able to detect every breach? If an organization is confident it can detect every breach, it’s ahead of the game. The survey cites that 55% of respondents did not believe their companies had adequate resources to detect all breaches. Remember, this is especially so in the healthcare industry.
- Does the organization perform a yearly cyber security and privacy risk assessment? Most organizations seem to realize that in order to beef up their cyber security defenses, they need to know where their vulnerabilities lie. Seventy-two percent of survey respondents said they conduct an annual cyber security and privacy risk assessment, and most indicated that they actively update their privacy and security policies, training, and internal resources.
- Does the organization carry Cyber Liability insurance and how well does the coverage address its needs? Most of the companies surveyed (64%) have Cyber insurance, which is a good sign. However, they need to fully understand how their policies work and what is and isn’t covered, including the fact that many small breaches may fall below policy deductibles while some losses may be excluded.
- Has the organization implemented and tested a data breach response plan? Three in four survey respondents indicated they have a data breach response plan in place. Yet, it’s important that the plan is updated regularly to address and meet ever-evolving security concerns. For example, policies need to be developed that specifically address the growing threat posed by ransomware. Moreover, it’s important to test the efficiency and effectiveness of data breach response plans. Forty-one percent of the survey respondents said they either have not tested their plans or don’t know if tests have been performed.
- Who at the organization is responsible for managing the data breach response? A whopping 60% of respondents rely solely on the IT department, despite the fact that IT is generally ill-equipped to handle all the legal and regulatory requirements associated with data breaches. According to the report, the best practice for data breach response is to form a cross-functional team with a combination of specialties. Working together, the team members can handle a data breach in a way that fully protects the organization and meets security and privacy regulations.
- Does the organization have a data breach response vendor? Nearly 50% of the companies surveyed have hired a full-service vendor to manage their large-breach response efforts and minimize risks. Respondents indicated that vendors provide a variety of helpful services, including forensics, protection services such as credit monitoring, pre-breach services, call center, and mailing. These are the types of services that a strong Cyber policy will cover.
Caitlin Morgan offers Cyber Liability insurance tailored to the specific needs of a broad spectrum of industries, including healthcare organizations. We can assist you in providing a program that will address your clients’ concerns and safeguard their organization in the event of a data breach. Give us a call today at 877.226.1027.