Cyber ​​insurance changes put IT security at the top of management priorities

Cyber ​​insurance changes put IT security at the top of management priorities

Most organizations are happy to invest in information technology that can support their people and their day-to-day operations, writes Julian Critchlow of Extreme Networks.

For many years, investments in IT security have been tempered by the added protection of cyber insurance. However, with recent global tensions, cyber insurance business models are rapidly changing and many organizations will need to rethink both their cyber security posture and their insurance and risk management strategy. The Lloyd’s Market Association Bulletin* guidelines on cyber insurance exclusions mean an immediate need for reflection and reassessment.

Until recently, security was often viewed as a cost center rather than a source of potential profit. Nor is it a trivial task to put in place what is necessary to minimize an organization’s risk profile. However, while these expenses encompass far beyond product solutions and can be transformational in all aspects of a business, the weakest link remains human error.

In addition, other issues are on the minds of senior executives, including supply chain issues and economic downturns. Many fall into the trap of thinking that it is best to focus on existing challenges and wait to address potential challenges.

Regardless of management’s view, security threats are growing in number and sophistication. Unfortunately, it is not a question of whether an organization will come under attack but when.

There are three ways an enterprise security team can get senior management’s attention and convince them of the need to invest in cybersecurity tools and processes. These means are:

  1. Describe the problem in business terms: in many cases, IT departments and managers make their spending arguments based on highly technical concerns that can be confusing to non-techies. This then makes them easy to reject.

    A better approach is to focus on the implications from a business perspective. Clearly explain the damage a successful breach would have on the organization and the costs that would be incurred. Cite examples of recent breaches at other companies and the resulting fallout.

    IT teams also need to highlight the impact a security breach could have on the reputation of the organization in the wider marketplace. Explain that this could lead to a loss of long-term customer confidence and reduced expenses. The more real-world context that can be provided to senior management, the more likely they are to approve security budgets.

  2. Present as a team: rather than just introducing the IT or security team to senior management, involve representatives from other areas. For example, the head of the manufacturing department might describe the implications a data breach would have on the ability to fulfill customer orders.
  3. The research and development team could explain the long-term implications of leaking or locking sensitive corporate data following a ransomware attack. Such an event could have a devastating financial impact on the company.

    Additionally, the finance team could explain the monetary impact the disruptions would have on the business. In addition to short-term benefits, this could have a negative and long-term impact on the share price. By coming together to demonstrate the wide-ranging effects of a potential security breach, teams can help business leaders understand that this is more than an IT issue and should be prioritized accordingly.

  4. Become a management priority: Maintain consistent communication with senior management to ensure IT security remains one of the organization’s top priorities. Managers are constantly faced with multiple problems and therefore it is essential to be at the top of the list.

    Instead of only reporting when there is a problem, provide regular reports on all attacks that were prevented and the measures that ensured the protection of critical resources. Also provide clear explanations of security breaches that occur in other organizations and the loopholes that allowed those breaches to occur.

    A good way to gain priority status is to hold regular updates at the board level. This will allow teams to highlight important issues and respond directly to management questions.

The task of ensuring that safety becomes and remains a management priority is an ongoing task. However, with regular and consistent communications, the message will get through. The result will be approved budgets that will allow the IT team to put in place the necessary measures to ensure that the risk of future attacks and disruptions can be mitigated.


Julian Critchlow is the Managing Director of ANZ at Extreme Networks.

Cyber ​​insurance changes put IT security at the top of management priorities


lawyers weekly logo

Last update: August 24, 2022

Posted: August 24, 2022

Comments are closed.