Call Us 866.940.1101 ☰ ˟
866.940.1101
Logo
  • Home
  • About Us
    • About Us
    • Employee Directory
    • Partners Page
    • Event Calendar
    • Refer a Friend
  • Get A Quote
  • Products
    • Lawyers Malpractice Insurance
    • Professional Liability Coverage For Attorneys
    • Accountants Professional Liability
    • Dentist Malpractice Insurance
    • Business Owners Policy
    • Cyber Liability Insurance
    • Workers Compensation Insurance
    • Title Agents E&O Insurance
    • Paralegal Malpractice Insurance
  • Testimonials
  • Common Terms
    • Common Terms
    • Frequently Asked Questions
  • Blog
  • Contact
  • Areas We Serve
    • Grand Rapids, MI
    • Detroit, MI
    • Lansing, MI
    • Kalamazoo, MI
Home > Blog > Cyber Liability—With all of the attention on Cyber Security It is not Working
WEDNESDAY, AUGUST 23, 2017

Cyber Liability—With all of the attention on Cyber Security It is not Working

An article from the Insurance Journal, 5 Reasons Cyber Security is Failing and What P/C Insurers Can Do About it, states 5 reasons why it is not working:

1.    Common misconceptions. Most people understandably think of cyber security as an IT problem. “For most people, the inner working of information technology is somewhat of a mystery. It makes, somewhat, sense that it’s both the cause and the cure of a lot of the problems,” Garrett said. But IT is not the whole picture. “The true drivers, in my opinion, of some of these cyber security risks, are organizational cultural issues. You can buy the latest firewall and buy the latest data loss prevention tool. But if there’s a fundamental issue with your organization’s culture that’s driving some of this risk, you’re really in no better spot.”

2.    Traditional security strategies. Most enterprise risk management tends to be specialized. The finance department handles financial risks. The legal department handles legal risks. The facilities department handles physical security risks. The IT department handles IT risks. “That does not lend itself well to digital risks. Digital risks span all of those various risks,” Garrett said. Also, a data breach raises technical and reputational issues. Traditional risk management strategies do not provide visibility into those different risks.

3.    Security risk factors: culture and enforcement. There are certain behaviors and activities that correlate with the likelihood that there will be a breach. One is tolerance for inconvenience. “A truism, in information security, is that security and convenience are inversely related. You cannot have both,” he said. One example is passwords. The longer they are, the harder it is for employees to memorize them. Human nature dictates going the route that has the most convenience and that doesn’t necessarily equate to better security. Denying administrative rights to employees makes it more difficult for hackers to install software. But it’s not always done because employees want their freedom to be able to download that Yahoo app because March Madness is coming down the pike. “There is almost a culture within an organization that favors convenience.” Lack of security governance is another risk factor. There is often an infrastructure of people, policies and processes that set corporate policy when it comes to security but those policies need to be enforced. Organizations that take those steps in a “cavalier way” are more likely to have a data breach. Also, decentralized organizations can be a risk. Many organizations that grow through acquisitions work in silos. If there is a risk that needs to be managed, it’s more difficult to do that if the group in one silo has a different set of IT than the group in another silo.

4.    Data imbalance. Paradoxically, at the same time information security professionals are flooded with data, they have no data. That is they have lots of data of certain types from firewalls and data loss prevention tools for tactical decisions but not necessarily data that support strategic decision making. “We see an attack coming in from a particular IP address, we can shut off access to that IP. Organizations are actually getting pretty good at being able to do that,” he said. But there is a lack of data in other areas, such as on the culture of an organization, whether the organization prioritizes convenience over security. “There’s ways to do that but that’s not happening right now. It’s one place where insurance carriers can really distinguish themselves from one another is the ability to be able to collect really meaningful data,” he offered.

5.    Choice overload. This is a term invented by Columbia Business School professor, Dr. Sheena Iyengar, whose research is around what drives consumers to buy. There is an “avalanche” of products in the information security field, especially for small and medium sized businesses. “Lots of companies that are doing really cool and exciting things. Many small and medium sized businesses are not capable of differentiating between them. It has become noise,” he said. “What is happening, and I’m seeing it happen more and more often, is that companies are not actually purchasing the technology that could help address some of these issues. Companies are either delaying or not actually making that choice.”

 

If you want to read the reminder of the article on what to do about it

Click What Needs to Change

Posted 3:31 PM

Tags: cyber insurance, data breach
Share |


No Comments


Post a Comment
Required
Required (Not Displayed)
Required


All comments are moderated and stripped of HTML.

NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker client relationship between you and the blog and website publisher.
Blog Archive
  • 2023
  • 2022
  • 2021
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016
  • 2015
  • 2013
  • 2011

  • lawyers professional liability insurance(429)
  • attorney malpractice insurance(384)
  • attorney malpractice(337)
  • legal malpractice(223)
  • legal liability(134)
  • cyber insurance(102)
  • data breach(92)
  • ethics(87)
  • erp(57)
  • malpractice insurance(54)
  • claims(39)
  • title agency e&o(36)
  • accountant e&o(34)
  • extended reporting period endorsement(30)
  • tail(29)
  • phishing(25)
  • prior acts(22)
  • legal malpractice insurance(21)
  • claims made coverage(21)
  • extended reporting period(21)
  • cyber security(19)
  • cyber liability(18)
  • accountant errors & omissions(18)
  • claims reporting(17)
  • crime insurance(16)
  • ransomware(16)
  • claim prevention(16)
  • attorney protective cle(14)
  • the hartford weekly newsletter(14)
  • attorney protective cle webinar(14)
  • 2022 mcgowan pro cpe webinar for accountants(13)
  • mcgowan webinar series for cpas 2021(12)
  • professional liability insurance(12)
  • retirement tail(12)
  • business owners insurance(11)
  • legal liability insurance(11)
  • fee suits(10)
  • full prior acts(10)
  • attpro tip of the month(10)
  • accountant errors & omissions insurance(10)
  • non-practicing erp(9)
  • bop(9)
  • cyber liability insurance(9)
  • title agent errors & omissions(9)
  • cyber crime(9)
  • claims made(9)
  • prior acts date(8)
  • webinar(8)
  • step rating(8)
  • lawyers(8)

View Mobile Version
Logo
Quick Links
Home Our Products Customer Service Payment Options Common Terms
About Us Refer A Friend Our Carriers Blog Contact Us
Location
2430 Camelot Ct SE
Grand Rapids, MI 49546

Local: 616.940.1101
Toll Free: 866.940.1101
Email: info@L2ins.com
Facebook Twitter Social LinkedIn
© Copyright. All rights reserved.
Powered by Insurance Website Builder