Today’s article about ransomware is brought to you by guest blogger, Scott Templin, Cyber Risk Advisor with Lachesis, LLC.

There is no escaping.

You cannot turn on the news or open your phone these days without hearing about another cyber attack. From meat suppliers to pipelines, our nation’s resources are being threatened at unprecedented levels, and the scariest part is that every single business regardless of size is at risk. In fact, 88% of all organizations have been the target of an attack—and that number continues to rise.1

With the average breach costing companies nearly $4 million, how is your business prepared to manage such a massive risk? Unfortunately, the most common method I have found is placing it in the hands of the IT provider. On the surface, this seems like a well-informed decision. Why not have the tech guys who deal with “this stuff” every day be the ones keeping an eye on it? I am here to tell you this couldn’t be further from the truth.

Organizations that place cyber security risk management in the hands of their IT department are doomed to fail.

Now I am not here to belittle the work of IT professionals. Whether they are in-house or managed by a third party, IT is a critical component of any business’s success. We have an excellent systems admin on our staff, and I have worked with countless other IT personnel over the years who excel at their jobs. The problem comes with the nature of cybersecurity and the specialization that goes into it. To better understand, let’s use a medical world example.

Cardiologist vs. General Practitioner

Regular check-ups with your general practitioner to review your health are highly encouraged. Usually, you trust your doctor and listen to their advice. They are someone you can depend on to be there when you need them. However, if something serious happens regarding your heart, then you likely will need to see a cardiologist. This doesn’t mean your general practitioner is not good at what they do, but this ailment requires someone who specializes in it to help you fight the problem.

Cyber security follows this exact same path. Your IT team is your general practitioner, working with you to fix day-to-day issues and keep the operation healthy. Cyber risk is the heart disease: an all-encompassing issue for the health of your organization that goes beyond just your IT team. They will play an important role in keeping the disease in check, but the diagnosis and plan of action should be coming from ownership and executives working hand in hand with a team that specializes in cyber security.

True Cyber Risk Management Demands Executive Buy-In

“My IT guy says we are good” is not enough in 2021 to protect yourself from the onslaught of phishing attempts, malware, ransomware, and social engineering that plagues organizations of all sizes.

A holistic approach to managing your cyber risk involves ownership and executives viewing numerous aspects of their organization to get a better understanding of where they stand and what needs to change.

Here are some questions they can ask themselves to get in the right mindset:

  • Who is accountable for cybersecurity compliance?
  • What kind of policies and procedures do we have in place for both before and after a hack?
  • What is our data backup and recovery plan? Have we ever tested recovering from backups?
  • What are the hard costs associated with machines going down?
  • Do we have two-factor authentication in place?
  • Are we able to show how our firewall is detecting attempted hacks?
  • Do we understand which regulatory requirements we are required to meet?
  • What kind of security training do we have in place?
  • Are we currently assessing and improving our security measures?

Cyber security is a business problem that requires a commitment from executive leaders to drive true change in the organization.

If your organization is unable to or unsure of how to answer these questions, it is a good sign that you are likely at a high risk for a data breach or attack. Putting together a comprehensive plan to better understand and begin to truly manage your cyber risk can be a tough process, but it is absolutely vital for continued company growth.

For more information, Lachesis will be presenting locally at multiple seminars reviewing appropriate cyber risk management techniques and how organizations should properly assess their current cyber risk profiles. To view the seminar schedule and register to attend, visit our Eventbrite page.

This article was published in the Fall 2021 issue of the General Insurance Services Risk & Business Magazine.

Cyber Security is NOT an IT Problem

Category: Risk Management

Posted: 9/13/2021