According to the ESET Security report (2022), Ecuador is the fifth country in Latin America with the most cyberattacks; only surpassed by Peru, Mexico, Colombia and Argentina.
Faced with an increasingly refined cybercrime market, and with greater access to tools and methodologies that allow cybercrime to be perpetrated, the risk for individuals and companies is high: the more lucrative the business
of cybercrime, more actors will want to participate in it.
According to the ESET Security report (2022), Ecuador is the fifth country in Latin America with the most cyberattacks; only surpassed by Peru, Mexico, Colombia and Argentina.
In this context, different alternatives must be considered to protect themselves from this type of threat. Insurance against cyberattacks has become an increasingly popular layer of protection for companies in all sectors worldwide.
However, despite its clear appeal to support and increase cyber risk management, different internal and external factors must be analyzed to determine if it is the best option for our company and, above all, to know if we really need it.
The first thing that must be taken into account is that insurance is a post-mortem control and should not replace the controls that companies must have within their comprehensive security strategy for the shielding of assets, although they are becoming fashionable, it is important assess how organizations are structuring their security strategy, what methods and controls are available to address risks.
Among the aspects that a company must evaluate are: the increase in the prices of insurance against cyberattacks, very specific requirements to contract and make the insurance valid and in some cases there are coverage limitations, for this, the cybersecurity expert, Víctor Hernández, from the company A3Sec, dedicated to shielding digital assets around the world, answers the following questions.
At what point should a company take out this type of insurance?
The exact moment where a company must acquire insurance against cyber attacks is when it uses, manages or stores personal information or highly confidential information from its clients, whether they are natural or legal persons; You should always look for an insurance that is appropriate to the line of business of each company, evaluating its possible business, financial, technological risks or that could affect the reputation of the organization.
What kind of coverage does cyberattack insurance provide?
“Coverage depends on the type of information and the use made of it, since there are insurances that can only be against exposure of information and not against possible kidnapping of the same, for which coverage should be sought according to the use that is given to the information and the degree of exposure it has according to business processes. First, you have to take care of customer information”, remarks Víctor Hernández.
Here it should be noted that the increase in ransomware attacks, which are a clear hijacking of information, where there is a high probability that it will be lost, even if it is encrypted or regardless of whether the monetary amount requested in the attack has been paid , are one of the biggest cyber threats facing businesses and governments, given their prevalence, increasing sophistication, and potential to cause widespread damage.
Is it no longer necessary to hire cybersecurity specialists by having insurance or do both services complement each other?
For the A3Sec cybersecurity expert, everything complements each other, “insurance against cybercrimes is usually purchased to never use it and have it as a backup in case of suffering an incident or information leak, but it will always be important to have an internal or external staff Security specialists who provide adequate knowledge to prevent information leaks, or reduce the impact of a security incident that puts business operations at risk. Even having a strong shield or contemplating some security controls can be helpful when taking out cybercrime insurance since the policy can be significantly reduced.
Given the increase in cyberattacks, will the cost of insurance increase and its coverage will be less or more stringent?
Speaking of coverage, they will be more defined and with more delimited scopes, contemplating the type of controls or measures that are in place to avoid these possible attacks; Even the use of this type of insurance can also be acquired by individuals, due to the type of information that is handled on networks today and taking care of the image in said media.
A clear example could be the influencers; Let’s remember that by digitizing our lives and work, nowadays we handle everything through these communication channels and they practically live off of it, so they are assets that they must take care of jealously.
The costs will be variable, the companies in the insurance sector, that can take advantage of this market, will have a huge and segregated portfolio, to adapt a package to the degree of exposure of people or companies; but there will always be a need to have cybersecurity specialists or advisers to avoid or reduce the degree of information exposure”, concludes Víctor Hernández.
RELATED NOTES
Every 11 seconds there is a cyber attack on a public or private company in Latin America – Diario La Hora
2023-04-28 20:08:10
#considered #insurance #cyberattacks