The risk of a cyber attack has never been as high as it is today. Digital working and the ongoing trend toward home offices make successful attacks increasingly likely. That is one reason to take countermeasures.
The government is also stepping in more and more. With increasingly strict regulations, the GDPR being one example, the pressure on companies of all sizes is increasing. According to the government, the goal must be to protect confidential personal data.
To meet the strict requirements and be financially cushioned in the event of a successful cyberattack, more and more CISOs are taking out cyber insurance for their company.
The problem: While cyber insurance is certainly helpful in the event of a successful cyberattack, it is by no means a substitute for a well-thought-out information security strategy. It is desirable to prevent a successful hacking attack from happening in the first place.
Another problem: In some cases, the losses incurred by a cyber attack are so high that they are not covered by cyber insurance. Or, the insurance company specifies which preventive measures must be in place for the policy to apply at all. In this case, some insurers require reliable proof (e.g., in the form of certificates) showing that the workforce has been trained in IT security awareness.
If the specified preventive measures are not adhered to and an attack by cyber criminals succeeds, the insurance company is not obliged to pay. If proof in the form of certificates cannot be provided, it may not even be possible to take out insurance.
Attention: The human factor must not take a back seat
We at IT-Seal always make it clear to our customers why it is the human factor that represents the greatest security risk. Those who cozy up in the (supposedly) safe arms of a cyber insurance policy like to let the security risks fade into the background.
Instead of betting that nothing will happen and that the costs will be covered in the event of an emergency, preventive measures must be introduced and risky behavior on the part of employees must be minimized. GDPR fines, reputational damage or liability exclusions in the event of spear phishing or social engineering attacks are possible consequences.
It is therefore all the more important to sensitize the workforce to the dangers on the Internet and not to allow social engineering attacks, wire transfer fraud or deep fakes to succeed in the first place.
With our Security Awareness Training, we offer companies of all sizes the possibility to train their employees comprehensively and to sensitize them to the importance of building up a sustainable security culture – in short: to minimize the human risk in your company. After all, if employees don’t follow through properly or don’t understand or want to accept their responsibility for establishing effective cyber defenses, even the most comprehensive IT security training will fizzle out after a short time.