
An article from the Insurance Journal, “5 Reasons Cyber Security is Failing and What P/C Insurers Can Do About it,” gives 5 reasons why it is not working:

1.    Common misconceptions. Most people understandably think of cyber security as an IT problem. “For most people, the inner working of information technology is somewhat of a mystery. It makes, somewhat, sense that it’s both the cause and the cure of a lot of the problems,” Garrett said. But IT is not the whole picture. “The true drivers, in my opinion, of some of these cyber security risks, are organizational cultural issues. You can buy the latest firewall and buy the latest data loss prevention tool. But if there’s a fundamental issue with your organization’s culture that’s driving some of this risk, you’re really in no better spot.”

2.    Traditional security strategies. Most enterprise risk management tends to be specialized. The finance department handles financial risks. The legal department handles legal risks. The facilities department handles physical security risks. The IT department handles IT risks. “That does not lend itself well to digital risks. Digital risks span all of those various risks,” Garrett said. Also, a data breach raises technical and reputational issues. Traditional risk management strategies do not provide visibility into those different risks.

3.    Security risk factors: culture and enforcement. There are certain behaviors and activities that correlate with the likelihood that there will be a breach. One is tolerance for inconvenience. “A truism, in information security, is that security and convenience are inversely related. You cannot have both,” he said. One example is passwords. The longer they are, the harder it is for employees to memorize them. Human nature dictates going the route that has the most convenience and that doesn’t necessarily equate to better security. Denying administrative rights to employees makes it more difficult for hackers to install software. But it’s not always done because employees want their freedom to be able to download that Yahoo app because March Madness is coming down the pike. “There is almost a culture within an organization that favors convenience.” Lack of security governance is another risk factor. There is often an infrastructure of people, policies and processes that set corporate policy when it comes to security but those policies need to be enforced. Organizations that take those steps in a “cavalier way” are more likely to have a data breach. Also, decentralized organizations can be a risk. Many organizations that grow through acquisitions work in silos. If there is a risk that needs to be managed, it’s more difficult to do that if the group in one silo has a different set of IT than the group in another silo.

4.    Data imbalance. Paradoxically, at the same time information security professionals are flooded with data, they have no data. That is, they have lots of data of certain types from firewalls and data loss prevention tools for tactical decisions, but not necessarily data that supports strategic decision making. “We see an attack coming in from a particular IP address, we can shut off access to that IP. Organizations are actually getting pretty good at being able to do that,” he said. But there is a lack of data in other areas, such as on the culture of an organization and whether the organization prioritizes convenience over security. “There’s ways to do that but that’s not happening right now. It’s one place where insurance carriers can really distinguish themselves from one another is the ability to be able to collect really meaningful data,” he offered.

5.    Choice overload. This is a term invented by Columbia Business School professor, Dr. Sheena Iyengar, whose research is around what drives consumers to buy. There is an “avalanche” of products in the information security field, especially for small and medium sized businesses. “Lots of companies that are doing really cool and exciting things. Many small and medium sized businesses are not capable of differentiating between them. It has become noise,” he said. “What is happening, and I’m seeing it happen more and more often, is that companies are not actually purchasing the technology that could help address some of these issues. Companies are either delaying or not actually making that choice.”

 

If you want to read the remainder of the article on what to do about it, click What Needs to Change.

Posted 12:31 PM
