Lessons from the Recent Major Computer Hacks

Recent hacks of major department stores, governments, banks, healthcare providers, credit card companies and motion picture studios show that no system is completely safe from cyber‑attacks.

How can we manage this risk?

Updating computer systems can be tricky and often exposes data normally kept safe behind firewalls; when components are switched out, doors are sometimes left open for outsiders to intrude.

For example, when you must lower a firewall, be sure you have changed the factory‑provided password to a new, strong password on the replacement device. Check your fundamentals and implement strict protocols for employees to request or make any hardware or software changes; centralize this function if possible.

Train employees to recognize phishing scams and never relay log‑in information or passwords in response to an email. If an email seems poorly worded or contains misspellings, it probably did not originate from a major corporation.

Change passwords regularly and require all system users to update their credentials on a schedule that fits your risk profile. Protect stored passwords with strong hashing and encryption, and apply multi‑factor authentication where practical.

Back up encryption keys, password vaults and related recovery information in a secure, separate location so you can recover quickly after an incident.

Completing all reasonable due diligence helps push criminals toward easier targets, but determined attackers can still find ways in. So how does a risk manager deal with one of the fastest‑growing liability risks for companies?

First, understand the magnitude of the risk. Many firms offer identity theft protection and monitoring to each customer whose record is exposed through the company website; at a commonly cited example cost of $150 per account, a breach affecting 1,000,000 accounts would be catastrophic for many organizations.

For large retailers and online sellers, consider e-Commerce Security Insurance to complement your technical controls and response planning.

These claims are becoming more frequent and more severe. The practical risk‑management answer for many firms is transferring at least some of the financial exposure through specialized policies such as Internet Security Insurance.

What limit is safe? That depends on the size and scope of the data you hold, including customer records, supplier information, bank details and old accounts you may not actively use. Inadequate coverage or a slow response can bankrupt a company and destroy its reputation.

Consider the per‑account impact and estimate likely exposure for your organization. It’s worth the conversation—talk to an agent about the right options for your business.

Frequently Asked Questions

How do I reduce the chance of a successful breach?

Follow basic security hygiene: patch systems, enforce strong passwords and multi‑factor authentication, train staff on phishing, and centralize change control for hardware and software.

Should every business buy cyber insurance?

Many businesses benefit from cyber insurance, but the right choice depends on your data exposure, regulatory needs and incident response capabilities.

What does cyber insurance typically cover?

Policies commonly cover incident response, notification costs, credit monitoring for affected customers and certain legal and regulatory expenses, though coverage varies by policy.

How often should passwords and security settings be reviewed?

Review passwords and access rights regularly—at least quarterly for high‑risk systems—and immediately after employee changes or suspicious activity.
