Data security is fast becoming a major focus for a number of regulators, including those overseeing financial services. In fact, given the amount of sensitive information held by financial advisers and product suppliers, it is a major responsibility.
The information below is an excerpt from an article by Kerry Curtin, Manager: Financial Institutions & Professional Risks at Aon South Africa. See link to the full article below.
Even the most comprehensive cyber risk insurance is not a replacement for strict internal privacy and security measures. Given the massive reputational and financial risks of a data breach, prevention is still the best form of insurance. There are a number of strategies that can help organisations ensure smooth operations. Stroz Friedberg, an Aon-owned company, provides cyber security tips for leaders to keep in mind as they operate in today’s digital, connected, and regulated world.
- Identify your critical assets. Organisations need to identify their most critical assets and have alignment with the board and executive team down to the individuals who are responsible for protecting them. Organisations must assess what data is critical, where it is stored, how it flows across the organisation, and who really needs access to it. This could include customer data and intellectual property which could be stolen, or operating and manufacturing technology which could be sabotaged.
- Conduct a comprehensive risk assessment. Once alignment on critical assets has been established, it will be easier to pinpoint vulnerabilities and assess cyber preparedness. Review cyber security deficiencies and vulnerabilities across all key enterprise areas including business practices, information technology, IT users, security governance, and the physical security of information assets. Risk could also manifest itself as losses due to business interruption and especially reputational damage.
- Take a holistic approach to cyber governance. Mitigating cyber risk is not just an issue for tech teams. The scope of risk means that guarding against attacks should involve key players across all enterprise functions and entities. Educating employees and leaders at all levels on the scale of risk, and putting provisional crisis plans in place, will help build a truly cyber-resilient organisation.
- Keep your defences sharp. A secure environment requires ongoing validation and can become vulnerable in an instant. Deploy techniques such as pen testing or red teaming exercises to ensure your applications, networks and endpoints are not left vulnerable.
“The Aon Cyber Risk team works with clients to improve their proactive posture to cyber risk threats, and respond more effectively in the event of an attack. Aon’s recent acquisition of Stroz Friedberg Inc., a leading global risk management firm based in New York City, allows us to combine standards-based cyber assessments and industry-leading risk transfer solutions, to provide our clients with the benefits of an integrated approach to managing and mitigating the systemic risk of cyber threats,” concludes Kerry.
Click here to read the full article.
Aon also offers a 15-minute diagnostic tool to help you determine how exposed you are to cyber risks.