“It’s not an issue. We have Cybersecurity Insurance.”
Many organizations opt to not take cyber-security beyond basic endpoint and firewall because they have a cybersecurity policy or at least have a clause in their business policy.
But what happens if you must collect on that policy? Forget about the headaches of figuring out what went wrong, the stressful meetings about how we let this happen, and how you are going to remediate. Just think about the Cybersecurity Insurance aspect for a moment.
Many cyber insurance policies are starting to have a long list of exclusions for preventable breaches. If your breach qualifies, they are likely to cover only the hard costs involved or may have total exposure limit. Moving forward your rate is surely going to go much higher and depending on the nature of the breach you may not qualify for reasonably priced Cybersecurity Insurance in the future
The cost of prevention is much cheaper than the fallout related to an actual hack. If you think you don’t have any sensitive data to worry about, the hackers may still take you down to find out, or to use your resources to attack somebody else.
Check out this Planet Money episode #886, The price of a hack, to hear a real story about how small businesses were hacked to access larger organizations.