“The scope of the Sony Pictures attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither Sony nor other companies could have been fully prepared.”
– Remarks by Kevin Mandia, “Sony Investigator Says Cyber Attack ‘Unparalleled’ Crime,” Reuters,December 7, 2014.
“The days of the IT guy sitting alone in a dark corner are long gone. Cybersecurity has become an obvious priority for C-Suites and boardrooms, as reputations, intellectual property and ultimately lots of money is on the line.”
– Priya Ananda, “One Year after Target’s Breach: What have we learned?” November 1, 2014.
“Resiliency is the ability to sustain damage but ultimately succeed. Resiliency is all about accepting that I will sustain a certain amount of damage.”
– NSA Director and Commander of U.S. Cyber Command Admiral Mike Rogers, September 16, 2014.
We have definitively learned from the past few months’ worth of catastrophic cyber security breaches that throwing millions of dollars at “preventive” measures is simply not enough. The bad guys are too far ahead of the malware curve for that.
There are two things that are critical to a holistic cyber security approach: a strong, well-practiced Incident Response Plan, and, as Admiral Rogers noted above, the concept of cyber-resiliency, i.e., the ability to take your lumps, but continue your business operations unabated.
A Cyber Liability insurance policy can provide the for the cost of credit monitoring for those breached, a public relations and reputation control response team, extortion coverage if the criminals threaten to release information if they are not paid and defense for any class action suits that emerge as the result of the breach.
During this sensitive time of transition in the network security environment a Cyber Liability policy is worth considering.