Cyber Risk Preparedness

Given the widespread awareness of Cyber Risk and the increasing trend for companies to consider insurance around this exposure, a company’s preparedness for a Cyber risk related event should be a part of their risk management plan.  Unfortunately, for most organizations, this part of the plan has not been matured. That’s a mistake…

Just like any business continuity process, preparation for a Cyber risk related event should be part of any company’s planning. It is far easier to work through the elements of such a strategy before a breach occurs rather than [re-actively] after a breach. The recent article published in Risk Management Magazine (is a terrific read on the “moving parts” that should be considered when formulating this strategy. Cyber risk should be considered and its mitigation must be embraced by every organization whether they buy Cyber insurance or not. Often, an added benefit of purchasing Cyber insurance is that the insurer has a support team available to policyholders on which they can draw. Preparing and meeting the “Team” before an event is strongly recommended. 

As a reminder, each State has Breach Notification statutes that govern the company’s responsibility to report an event when Personal Identifiable Information (“PII”) is compromised. Foley & Lardner LLP has a very useful (and up to date) chart of the State Data Breach Notification Laws which is worth visiting.

At The ALS Group, we consider Cyber risk to be one of the top five (5) risks for any company and strongly advocate for our clients to contemplate these exposures carefully to qualify and quantify the potential financial impact of such an event and purchase insurance coverage to mitigate losses resulting from a breach event. Part of that strategy is to take a hard look at the incident preparedness framework so a company can take a proactive approach to a response to any event they may experience. 

About the ALS Group