What distinguishes a good cyber risk plan?

Recently it has been said that there are two types of companies: those that have already been victims of cyber-attacks and those that are going to be. Attackers often go undetected for quite some time before the damage is discovered and during that time they can collect information on company processes and methodologies, but also sensitive data from partners and customers.

The main characteristic of a cyber risk action plan is that it provides resilience (the ability to get out of a crisis and return to normal) by operating before, during and after the incident. In addition, the following are key points for effective protection:

- Conduct a risk assessment, identify potential vulnerabilities and address them following a report, verify compliance with international standards for handling banking information.

- Provide continuous training to personnel. Technology is constantly advancing, it is important that the entire staff has training to reduce threats, not only the IT department, since 80% of the risk is attributed to human error.

- Retroactive protection. According to IBM, the average time it takes to discover a cyber breach is 206 days, there are many possible damages in that period, so an insurance policy with retroactive coverage is important in the face of this type of threat.

- The support of a team of experts. If the necessary support is in place, many times the incident does not escalate to a serious problem, for example, cases of ransomware (data and file hijacking) in which it has been possible to unlock and recover everything that has been breached. This should include computer forensics teams, legal advisors, notifications, call-centers, credit monitoring research, credit freezing and fraud alerts.

In Mexico, the legal framework obliges third parties to report if their information has been compromised in this way, and there are even fines that, although lower than those applied in Europe, amount to 2 or 3 million USD. This is without considering the damage to customer confidence and the company's image.

Because of the health contingency, it seems that the whole world is in a home office, a situation that, however comfortable and beneficial it may be, also creates vulnerabilities in the handling of company information, as each personal computer becomes a potential access point.

We invite you to contact us to find the best option to protect your business against this type of threat.

For more information, please contact us via:

Fidex contact: +52 (81) 8133 6100

contacto@fidex.com.mx