This is the money hole in the cyber security industry that is sucking up your investments

Advertisement
This is the money hole in the cyber security industry that is sucking up your investments
Cyber security is no longer a matter of ‘if’, it is a matter of ‘when’, says Ashish Thapar, Managing Principal, RISK Services - APAC, Verizon Enterprise Solutions.

Verizon’s recent report on data breaches '2016 Data Breach Investigations Report' revealed that there is a linear relationship between record loss and cost of breaches. Though different breaches cost differently, depending on the nature and data loss, the report found that legal guidance during the crisis management phase and forensics investigations is where the majority of the cash is going.

This is the money hole in the cyber security industry that is sucking up your investments
Advertisement


It shows that the majority of the insurance payouts go toward costs within the phase of breach recovery associated with determining just which creek you are up and your current paddle supply. These cost categories are followed by breach notification and credit monitoring, because sending flowers to your customer base just isn’t going to cut it.

The first phase includes up-front costs which are incurred when you think you have suffered a loss, and are receiving third-party guidance and investigative services to determine what happened and establishing how bad it was.

Advertisement

This is followed by reluctant acceptance and trying to save as much face as possible with the customers affected.

Then came the long-term costs involving legal representation, settlements and fines, which would occur after the story of your breach is coming to the epilogue.

Causes

Advertisement
Many cyber insurance policies do not include coverage for remediation costs. And these costs are not nearly as common, in comparison with the more upfront costs.

Attorneys and investigators don’t charge by the record breached, but typically on an hourly basis whether for a fixed number or on demand.

Solutions

Advertisement
Develop relationships before their services are required and align your ducks, so in case these services are required, you have processes in place to quickly provide the level of access and information needed to kick things off properly.

You want to try to ensure hours aren’t spent looking for a network diagram while suits are in a conference room looking at their mobile phones.

(Image credits: Verizon, indiatimes)