Cyber Risk Exposure
Think about the people and companies you do business with. Are any of them offline, i.e. are their business activities not connected to the internet? Unlikely: operations ranging from multinational conglomerates to individual businesses depend on the internet to do business. KIRO’s risk and insurance professionals help your organization better understand the exposures associated with cyber risk loss.
Because cyber risk exposures can potentially harm an organization’s assets, reputation, market position, and customer and supplier relationships, risk control measures for these exposures are essential for any organization. As with traditional risks, we can manage cyber risk with the full toolkit of risk management approaches.
A strong cyber risk security strategy can safeguard an organization’s resources, limit the severity of losses, and speed recovery from a cyber loss.
To design such a strategy, our security specialists help your organization first determine its scope of exposure to IT risks. We also consider your organization’s business objectives and available budget and include appropriate risk assessment controls for known loss exposures. Specific risk control measures to prevent, deter or mitigate cyber risks include:
Physical controls place barricades between cyber criminals and their targets. Additionally, organizations can physically limit access to computer equipment and programs and can implement other safeguards that control physical access to systems or the computer network environment.
Procedural controls require that tasks be performed in secure ways that eliminate or limit losses. These controls apply to how a computer system and associated data are protected. Protection from hackers is a critical reason for organizations to create, implement, and regularly update procedural controls.
Organizations can implement personnel controls, including employment screening, training, policies on what is acceptable and unacceptable cyber behavior, and termination procedures that include revoking access and passwords. Other training exercises, such as phishing emails, can improve personnel behavior.
Managerial controls should be the responsibility of the Chief Information Officer (CIO) or Chief Technology Officer (CTO), who oversees the cybersecurity and technological aspects of the organization.
An organization should be candid in the event of a cyber crime—especially if the organization is a targeted victim. It can describe measures it’s taking to prevent a recurrence, thereby restoring
Financial Measures of Cyber Risk
Organizations exposed to cyber risk should consider the financial consequences of ownership, revenue, or loss of liability, and whether they want to transfer or retain those losses. Risk funding sources can be arranged before (pre-loss financing) or after (post-loss financing) a loss occurs. Risk financing measures include insurance, non-insurance risk transfer, and retention.
Retention
One of the benefits of retention is that it encourages risk control. An organization that pays the cost of its losses has a greater incentive to prevent and reduce them. A downside is that when an organization retains its cyber risk exposures, the associated uncertainty can negatively impact its financial condition. The retained losses may be more frequent or more severe than projected. Because of this uncertainty, an organization should limit its retention for each individual loss to a tolerable level of severity.
Non-insurance Risk Transfer
We offer various recommendations for non-insurance risk transfer solutions that uniquely fit your organization. Some non-insurance risk transfer solutions include: