There’s no need to wait until New Year’s Day to act on your resolution to up your cybersecurity protections — or back them up with the right, and right amount of, cyber insurance. Fall is often when organizations build budgets for the coming year, so now might be the best time to take stock of your cybersecurity.
Benchmarking your cybersecurity controls against trusted, well-defined references such as the NIST Cybersecurity Framework, HIPAA, HITRUST and the PCI Data Security Standard should be your first step. This will quickly show whether any protections against the latest cyber threats are missing from your arsenal.
Once you have the right cybersecurity controls in place, it’s time to perform independent third-party testing to re-baseline the controls’ performance. This gives you confidence that they’re doing what you need them to do. Make sure to also establish the updated reference baselines you’ll need to readily detect unauthorized access attempts and other attacker intrusions.
You can use these updated baselines to inform your cyber insurance strategy. You’ll want to purchase cyber insurance to hedge the costs you would incur if cyber threats such as ransomware and data-exfiltration bots unexpectedly overwhelm your cyber defenses. It’s essential not only to buy enough coverage but also to buy the right types of cyber insurance. Ensure that policy limits are consistent with your risk appetite, and that your policies provide benefits for every kind of cyber incident that your risk assessments identify as relevant to you.
Next steps
- Perform a security assessment: Audit and assess your security to identify gaps in your cybersecurity program.
- Reinforce cyber defenses: Be proactive in identifying gaps and weaknesses in your cyber defenses, and implement new/additional capabilities to bridge these gaps.
- Re-baseline: Engage independent third-party testing to update the performance reference baselines for your cyber defenses, and adjust your cyber insurance policies to reflect what has changed since the last review.
- Confirm cyber insurance coverages and limits: Most organizations should at least carry data privacy breach, network liability and data ransomware/extortion coverages, with limits consistent with their risk appetite.