Scott Davies, a senior cyber underwriter at MGA Dual UK with 22 years of industry experience, shares his insight on how businesses can enhance their cyber preparedness to mitigate ever-evolving digital risks.
Cyber insurance is relatively new. The threats we face in this market are unknown and can be volatile. Traditional security measures – like multifactor authentication and regular backups – should now be the baseline, but businesses need to go further to protect themselves from cyber attacks.
One of the most significant vulnerabilities I see is human error. Even with the best information technology (IT) systems in place, individuals can inadvertently expose their organisations – to phishing attacks, for example.
Many companies assume they are protected by having basic security measures in place, but it is the combination of these measures with comprehensive awareness training and ongoing education that is key.
At Dual, we carry out various ‘outside-in’ scans, as well as expand on the questions in our proposal forms. This is because open-ended questions help us to better understand each business’s unique risks.
Here is my take on the steps businesses can take to enhance their cyber preparedness.
- Continuous learning commitment
Businesses should try to stay updated on potential vulnerabilities and emerging threats. This includes educating employees about the risks associated with cyber threats. Regular training can help reduce the likelihood of human error leading to data and security breaches.
- Brokers should ask questions
As we enter a softening market, brokers typically push for fewer questions and insurers give in as we seek to retain renewals and chase new business. But this isn’t what we should be doing to make sure our insureds are best prepared for an incident.
Questions aren’t there to hinder the insurance purchase – or at least that isn’t the intent – but to help guide brokers and insureds on the problems we see.
- Regularly review cyber security measures
I urge businesses to assess and strengthen their security posture regularly. Complacency after implementing basic measures can be dangerous. Continuous evaluation is essential.
- Develop and test incident response plans
It is important to have robust incident response and business continuity plans, which should clearly outline roles and responsibilities before, during and after a cyber incident and be tested regularly. The better prepared companies are, the more effectively they can respond to cyber situations.
Common misconceptions
Despite the growing awareness of cyber risks, I’ve found that many businesses still hold misconceptions about cyber insurance. Some companies view insurance as a safety net, believing it absolves them from implementing robust security measures. I firmly believe that insurance should complement security efforts, not replace them.
Another common issue arises among SMEs, which often underestimate the importance of cyber security investments. The low cost of insurance might tempt them to skip critical security measures, but the potential losses from a cyber incident far outweigh these costs.
In my experience, emphasis should centre on the importance of a proactive and informed cyber security approach.
The cyber threat landscape is continually shifting and businesses must be prepared to adapt. By promoting a culture of continuous learning, regularly assessing security measures and prioritising employee education, organisations can enhance their resilience to cyber threats.