In the Hiscox Cyber Readiness Report, the perennial importance of cyber security shines through (of course). But so does its feasibility. While some organizations rightly invest significant funds in this area, others with less to spend may feel their hands are tied. Good news: They're not.
The report is informed by more than 3,000 executives and IT managers across Germany, the UK and the US: "men and women on the front lines of the business battle against cybercrime," who were surveyed for the occasion by Forrester Consulting. "As such, this report can be considered as one of the most authoritative of its kind," Hiscox said. What can we learn from it? Let's see the highlights.
Who's ready and who's not?
Hiscox divided organizations into three categories, based on how ready they were to weather a cyberattack. Novices (53 percent) rated low on strategy and execution. Opportunists (17 percent) rated highly on one or the other, but not both. Experts (30 percent) performed well on both.
"The most striking message of this analysis is that the majority of firms are either novices or experts," Hiscox said. "Novices account for more than half of our survey group, suggesting the majority of companies have a long way to go before they can claim to be cyber-ready."
The problem is real
A lack of readiness wouldn't be so bad if cybercrime weren't so serious, or so ubiquitous.
Attacks are everywhere. Over half of the firms surveyed have experienced an attack in the last year. Two in five have faced multiple attacks.
Downtime is painful. Almost half of businesses took two or more days "to get back to business as usual," Hiscox said.
Smaller firms feel it most. The financial impact of a breach is disproportionately high for the smallest companies. The fallout can do real damage to a company's bottom line.
All told, robust defenses against cyberattack, paired with strong procedures for eliminating careless behavior, “are now the keys to business continuity and consumer trust," Hiscox said.
Readiness doesn't require big bucks
Businesses rated as "experts" spend a higher percentage of their revenue on preventing and mitigating cyberattacks than do smaller companies. Given the risks, that's money well spent.
However, if you think it takes a mountain of cash to protect your organization from cybercrime, think again. "The good news is that this does not have to involve a major financial investment," Hiscox said. The biggest gaps between novices and experts were in strategy and process: two areas where cyber security novices can make "a lot of quick wins."
Eight ways to make some quick wins
Raise awareness. Hiscox detected "a lower level of buy-in and awareness at board level for the key elements of cyber readiness." Communicate the importance of cyber security and educate your team on relevant standards.
Take an interdisciplinary approach. "Expert firms tend to involve a broader mix of stakeholders from across their organisation when setting their cyber strategy," Hiscox said, with a collaboration of HR, marketing, product management, and sales as well as IT.
Involve leadership. One of the defining characteristics of expert firms was executive involvement in the cyber security effort. In these organizations, cyber security was a top priority at the top tier, and security metrics bore a direct impact on decision-making.
Make it formal. Board-level decisions "should be supported by formal, defined interactions rather than corridor meetings," Hiscox said. With clearly-defined structures, executives can devote a formal budget to security projects and make sure their decisions respect their organization's cyber security tolerance.
Train the whole team. The overwhelming consensus among expert firms is that employee training reduces cyber incidents. Security awareness should extend across the organization, with HR reviewing individual security competencies according to established metrics tailored to different roles.
Dial in your documentation. Improving security tracking requires only moderate investment, but offers significant payoff. Document a response plan, measure its effectiveness, and define your containment procedures.
Tighten up technology. The gaps between experts and novices here are less pronounced, but most novices can up their game with internal and external message encryption and the integration of strong, company-wide authentication.
Transfer risk. As any cyber security professional will tell you, there's no such thing as 100 percent security. Breaches happen to the best-prepared companies, which is why response is just as important as prevention. "One part of the solution, adopted by an increasing number of organisations, is to transfer the cyber risk to an insurer," Hiscox said. Nearly two-thirds of expert firms have a cyber insurance policy, with many planning to extend their coverage in the coming year.
When it comes to the risk of cyberattack, how safe is your legacy policy administration system?
Each year, Silvervine Software completes the SOC 1 No. 16 Type 2 Exam. That's infosec-speak for having passed an intensive security audit administered by a qualified third-party. As we've said, "Companies who complete an annual SOC 1 examination are able to demonstrate a substantially higher level of assurance and operationally visibility than those companies who do not." In summary, we offer highly secure insurance software as well as secure hosting services with a Mirrored Failover Option that provides internal redundancy at two secure locations more than 100 miles apart. Request a demo to learn more.
The FedNat Insured Web is a great tool for our insureds!
They like having a centralized location to view policy info, make payments, upload policy documents, and elect to become paperless to receive a discount.
The insureds also can file a First Notice of Loss for a claim and access exiting claim info. Silvervine recently enhanced the site which allows insureds to upload policy documents directly to their policy. The uploaded docs go directly into our workflows and save a lot of manual effort on our part.
From my visits with agents, the agents appreciate the app for the amount of time saved on having to download and attach photos directly to the policy.
The app can also reduce the amount of staff required for a busy office to fulfill underwriting requests for photos.
When training agents they are amazed at how quickly the photos attach directly to the policy. After taking photos using the app and before they make it back to their desk, the photo is already attached to the policy. They also like the ability to attach additional photos for pre-existing damage.
Customer Service is seeing an improvement with retention as the text message definitely triggers phone calls from insureds to make payments.
The insureds love the fact that we notify them on their phones because they state that sometimes they don’t receive their mail for various reasons.
The insureds are paying more attention to the texts then to their actual mail. We try to set all of our customers up on that option if we notice that they are not currently enrolled, as it builds great customer relations as well as retention.
As a company we have adopted the use of Policy Scan for all our policies, and our agents have adopted the use of the app as well.
Not only is it easy to use, there is also no more worrying about losing photos, having to store photos or photos being attached to the wrong policy.
With Policy Scan we have increased efficiency in our workflow and reduced our exposure on the risk.
Silvervine’s core administration solutions easily handles multiple carriers within multiple states, including accounting, payment processing, immediate policy issuance and endorsements.
What started out writing one product, one line in one state has now grown into mulitple products, multiple lines and writing in multiple states. We have over $95 million in annualized premium in-force and we expect to grow by 20% during the next year all serviced by Silvervine.
Silvervine was our insurance software system of choice when we started the company in 2006. Silvervine enabled us to begin business within a few months of licensing the company. Today, we are one of the top 20 homeowner’s writers in Texas and SIlvervine’s solutions have been an integral part of our success.