Do we all need cyberattack insurance?

It’s the beginning of the new year and thoughts for small and medium business and not for profit organisations (SME) are now turning to increased profits, better marketing and sustainable cash flow, for this year and the future. Why would they be more concerned with their business security than normal. In the normal everyday business grind there is also a reason to comply with insurance requirements.

To put in place normal insurance you normally have to fill in a large number of forms, especially if you are insuring against professional indemnity for your business. You have to have the correct checks and balances in place for the insurance company to even think about insuring your business.

If there was such a thing as cyberattack insurance or just cyber security insurance what do you think would entail the requirements for covering your business. Your business would need to have some level of whole of business security plan.

This plan has to take in the following areas:

Technology – what technology are you using to protect your business. How is the technology being deployed, is it updated and managed correctly. The technology would look at both hardware and software components to make sure the business has the best systems available.

Compliance – how does your business comply with the regulatory and internal management systems. Does it have the correct reporting processes, procedures and policies. Is the business applying the correct systems to ensure a high security level.

Resilience – what happens if there is a total failure at the business level, local area and geographical area. Does you business have a plan for recovery and a backup of your data. Will your business be able to benefit from areas where your competition are not focussing at the moment.

To allow the introduction of a business cyber security insurance system businesses will need to implement some level of whole of business security system to ensure that they are compliant with the insurance requirements. This system would also increase your marketing position as you would be able to leverage your security profile in your marketing which would undoubtedly increase your revenue and your cash flow.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.