October 2022 / 5 Min Read

What’s Your Total Cost of Cyber Risk?

 

During this Cyber Security Awareness Month, our opening article titled, “Cyber Security Comes Down to You,” turned the spotlight on the human element of cyber risk captured by the theme — See Yourself in Cyber.

Our holistic Aon team discussed key topics from protecting high-net-worth individuals at home, to the trend towards using pass phrases over passwords, and the perils of elite dating sites. Each week, we provided action-oriented suggestions – for the critical people element of cyber security.

But what we know about human nature is that it is inherently unpredictable. Nobody can predict that people will practice cyber hygiene, or that they will be alert and careful 100 percent of the time. Knowing this, there is only one thing we can foresee with utmost certainty.

Your organization may one day be the victim of a cyber attack.

What is the next best action? Amid the complexity of today’s threat landscape, organizations are unsure of the next best decision when it comes to managing cyber risk. To better assess your decision-making ability, ask yourself these three questions:

  • Do you know the total potential cost of cyber risk to your organization?
  • Do you know where to invest security budget to help maximize balance sheet protection?
  • Do you have access to scenario and financial modelling tools to help measure your organization’s return on security investment?

Be honest. These questions are tough. Answering them demands that an organization commit to an ongoing, or Loop, process to manage cyber risk, united across stakeholders.

Organizations wrongly think the finish line for a cyber event is when the network is restored. But this is just the start. It takes many months, perhaps even years, to reach maximum financial recovery from a significant cyber event. Key to this recovery is having the right cyber insurance policy in place and having an experienced team to accurately quantify the loss and manage the claim to achieve a successful recovery under the policy. This is no easy task.

#BeCyberSmart in the event of an attack.

Be Ready to Respond.

Have a practiced incident response and disaster recovery plan, preferably including a master service agreement (MSA). Know who will engage in the event of a breach and, importantly, be sure these experts are approved by your insurer. Have common protocols across incident response, crisis management, and business continuity.

Become insurable.

Insurers are asking precise and specific questions about controls. Some reasons an insurer may decline to provide insurance coverage include:

  • Lack of MFA or endpoint detection.
  • Little to no user awareness training.
  • Access control deficiencies.
  • Network segmentation issues.

Work to achieve better cyber insurance resilience.

Leverage your cyber policy.

Having a policy is just step one. Know who will advise on how to best protect your interests when an incident occurs. Identify who will assist in the quantification of company-wide business interruption impact and who will manage the claims process to help drive the claim forward toward financial recovery.

Become an informed participant in managing cyber risk to help mitigate the unpredictability of people – the weakest link.


Disclaimer
The information contained herein and the statements expressed are of a general nature, not intended to address the circumstances of any particular individual or entity and provided for informational purposes only. The information does not replace the advice of legal counsel or a cyber insurance professional and should not be relied upon for any such purpose. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.
