Beyond the Breach - Risk vs Investment

The latest developments in Cyber Investment & Insurance

For Maya Buchanan, NCC Group’s Global Director of Risk & Compliance, cyber security budgets must ultimately be aligned to an organisation’s overall strategy and approach to risk. However, in many cases, improving cyber security postures doesn’t automatically equal increased spend. In Buchanan’s words, there is ‘no magic bullet’ that can make an organisation 100% secure; instead, it’s often a matter of ‘tuning up’ capabilities, simplifying your security estate and making informed decisions in line with existing controls, rather than investing in new tools. At all times, aim for a holistic approach to enterprise risk management. A cyber attack has the potential to affect every aspect of an organisation, whether finance, HR, procurement, IT and so on. Understand how they would be impacted by a breach, and speak to those challenges. If payroll systems are affected, what problems does that create for finance departments? Would IT teams require additional resource to restore systems? Factor these considerations into investment decisions. Remember, too, that the fall-out of a breach can have a very long tail, and therefore require long-term financial support.

There’s no getting away from it: cyber security remains one of the biggest existential threats to organisations across the globe. In 2023, this is further compounded by a tumultuous threat landscape - which NCC Group’s Global Head of Threat Intelligence delves deeper into on page 12.

There is ‘no magic bullet’ that can make an organisation 100% secure; instead, it’s often a matter of ‘tuning up’ capabilities, simplifying your security estate and making informed decisions - Maya Buchanan, NCC Group’s Global Director of Risk & Compliance

Here we look at the latest developments in cyber investments and cyber insurance and how best to strengthen your cyber security posture in 2023.

Balancing risk appetite with key security investments in 2023

Research from Enterprise Strategy Group suggests a mixed picture: though 65% of organisations are expected to increase cyber security spend in 2023, the same survey found 48% predicted overall IT budgets to remain flat or decrease throughout the course of the year. Cyber security is clearly a non-negotiable - but how do you reconcile this with scrutinised budgets? Organisations are increasingly forced to strike the delicate balance between cyber risks, and where (and how much) to invest when it comes to ensuring an adequate level of cyber security protection.

Evolving insurance for an evolving market - which brings us to cyber insurance

As one of the newer insurance markets, it’s an area that has been subject to intense discussion of late - from new product launches, to claims that cyber could be ‘uninsurable’. Whether this statement is entirely correct or not, it is fair to say the market is hardening and the latest studies are demonstrating that the scope of what cyber insurance covers is decreasing, at the same time that premiums are increasing. Previously, cyber insurance has been seen as a substitute for cyber security. This is certainly not a recommended approach, and the squeeze on what policies cover and how much insurance costs is forcing many to re-evaluate this ‘risk transfer’ approach. Instead, cyber insurance must be viewed as an enhancement of a robust control environment.

Attack Impact Stages 2022 (chart): Ransomware 40%, Business Email Compromise 33%, Coin mining 13%, Data Breach 7%, Banking malware 7%

Where to begin? What’s driving it and review this on a continuous basis. Are there any regulatory changes (see more on page 16)?

Does your organisation handle vast volumes of confidential data? Could a breach cause significant reputational damage that you cannot afford to be exposed to?

Understanding your risk appetite is key, as is clearly defining it when entering any budget discussions. Lawrence Munro, NCC Group CISO, explores this further on page 8.
