" risk assessment Archives - LuxSci

Posts Tagged ‘risk assessment’

What is Cyber Insurance?

Tuesday, March 1st, 2022

As cyberattacks are increasing in frequency, many organizations have come to view them as inevitable. Even organizations that have a strong cybersecurity program can be impacted by a zero-day vulnerability or employee errors. Cyber insurance helps limit the impact of a cyberattack by helping organizations recover the costs. Cyber insurance is not a replacement for a comprehensive cybersecurity program. In fact, many cyber liability insurance policies require organizations to take steps to secure sensitive information.

cyber insurance

Who Needs Cyber Insurance?

In the 1990s, the earliest forms of cyber liability insurance were created to help address data processing errors. California’s passage of the Security Breach and Information Act in 2003 led to increased demand for insurance policies. Under this law, California companies were required to notify customers if their information was accessed or stolen by unauthorized persons. As other states passed similar laws and instituted financial penalties for data breaches, cyber insurance policies grew in popularity.

Historically, financial information and credit card numbers were prime targets for cyber criminals. As ecommerce and online banking took off, large financial institutions and retail chains were likely to have cyber insurance because of their increased risk. More recently, cybercriminals have expanded their scope to go after sensitive information collected by other industries. The healthcare, education, and manufacturing industries have become frequent targets for cyber criminals. As a result, more organizations are buying cyber insurance. According to the Government Accountability Office (GAO), cyber insurance sales increased from 26 percent in 2016 to 47 percent in 2020.

This means that any business transmitting or storing sensitive data online is vulnerable to a cyberattack. Sensitive data is not limited to financial information or medical records. Intellectual property, customer or lead lists, and other types of company data could all be at risk.

What Does Cyber Insurance Cover?

There are many types of cyber insurance policies and different coverage options. However, most plans reimburse companies for expenses caused by cyberattacks. Common coverage options include:

  • data recovery costs
  • system forensics to discover the cause of a cyberattack or location of a breach
  • customer notification and reparation costs
  • system repairs
  • legal fees

Some cyber insurance policies may even cover the cost of paying a ransom if compromised by ransomware. Although, it’s tempting to pay a ransom and resume operations quickly, organizations should not count on insurance reimbursement. Law enforcement also discourages companies from paying ransoms and these fees can be quite hefty.

What Doesn’t Cyber Insurance Cover?

Unfortunately, cyber insurance can’t help a company recover from the reputation costs of a data breach or security incident. Many organizations suffer from a loss of business in the aftermath of a cyberattack or breach. Cyber insurance does nothing to defray those costs.

Can I Ignore Cybersecurity?

On that note, it should be obvious that cyber insurance is not a replacement for a strong cybersecurity program. In fact, most insurance providers require organizations to meet minimum security standards to qualify for coverage. Failing to meet these standards may cause the company to void insurance policies.

In addition, lowering the organization’s risk profile by implementing a security program can also help lower insurance premiums. Demonstrating that the organization takes privacy and security seriously can help make these premiums more affordable.

Conclusion

In conclusion, any organization that transmits or stores sensitive information online or is reliant on internet-connected devices to perform vital tasks, should explore coverage options.

5 New Year’s Resolutions to Improve Your Cybersecurity

Tuesday, January 4th, 2022

Happy New Year! Start the year off by making a New Year’s resolution to improve your cybersecurity. Here is LuxSci’s list of what your organization needs to do to prepare for the new year.

cybersecurity new year’s resolution

Read the rest of this post »

What is HITRUST Certification and Why Does It Matter?

Tuesday, December 7th, 2021

Any company can claim to be HIPAA-compliant, but if you are considering using their services, it’s worth understanding what they mean. Using a vendor that self-attests compliance is risky. As a result, many serious organizations use a third-party validator to assure that they are doing all the right things regarding security and compliance. If you work in the healthcare industry, a HITRUST certification is one of the most widely respected third-party validators.

hitrust certification

Read the rest of this post »

Interview with Security Compliance Associates for HIPAA Security Risk Assessment

Wednesday, August 27th, 2014

Yearly HIPAA Security Reviews are critical to meeting compliance requirements of all organizations under the HIPAA umbrella, either directly or via being a Business Associate.  We have found that many organizations, especially the smaller ones, do not place much emphasis on these reviews, skip them, ignore them, or hope that they go away.  They treat them as a necessary “check mark” rather than an active process that is instrumental to maintaining security and preventing the breaches that been cropping up all over the news.

Solid Security Reviews improve your company’s inherent security posture and awareness and the security of all services you employ through all vendors … including your secure email and secure forms.  I.e. the security of your outsourced services can be compromised if your own systems are compromised.

As such, LuxSci proactively recommends all HIPAA customers and all customers with similar needs, to undergo yearly security reviews.  One excellent organization that performs these is Security Compliance Associates.

Today we are interviewing Randy Homa, Senior Vice President and Director of Health Care Services, at Security Compliance Associates (SCA). He will address many of the questions we have had posed with respect to HIPAA Security Reviews.

Read the rest of this post »