Forgie also emphasises that cyber insurance is not a solution in itself: you cannot insure your way out of the problem. However, cyber insurance can be a useful tool to transfer residual risk, and it can be a helpful factor in regulatory negotiations and civil lawsuit settlements in the aftermath of a data breach.
Fortunately, several strategies have been shown to manage the risk and mitigate the cost of a data breach. Number one among them is reducing the mean time to identify a breach and the mean time to restore. You can view the other strategies in the graph below.
Based on this, Forgie's top recommendations include:
- Hire a great CISO.
- Ensure the Board and exec leadership are on board to drive a security-first culture.
- Utilize cyber insurance appropriately.
- Adopt an assumption of breach posture.
- Focus on minimising the time attackers are in your systems, specifically "dwell time", which is highly correlated to breach costs.
- Ensure your CISO has great incident identification and response frameworks, processes and metrics in place.
You can learn more by watching Todd Forgie's full video presentation below.