Contact DEFENCY
Do you have any questions or suggestions, or simply need technical expertise in the field of cyber security? Then don't hesitate to contact DEFENCY! We're happy to help.
FAQ: General questions on information security and risk management
Assets are identified through a threat and vulnerability analysis, and an inventory is created of whether and how these assets are protected.
Development of an emergency plan in the event of a cyber attack.
To identify your first vulnerabilities, it is worth using screening tools, which point out open IT security weaknesses for only a small investment.
An individual and comprehensive test by a specialized IT security consultant delivers precise results.
Many statistics show how important a factor employee misconduct is. Around 2/3 of all cyber incidents are due to negligence (e.g. misjudging a situation), omission or even intent on the part of staff.
Employees can be regularly trained in information security. This can be done efficiently and cheaply, and it is highly effective in significantly reducing the likelihood of a cyber incident.
Assets can be personal data, business processes, process engineering know-how or, obviously, your own IT infrastructure.
First, it's important not to panic and to make thoughtful and prudent decisions. However, time is a crucial factor.
Is there an emergency plan? If not:
FAQ: Risk management and risk transfer
Transfer risks from your company to cyber insurance
At its core, cyber insurance covers many of the risks that threaten information security. This wealth of services is tied to conditions and requirements, which become obvious when you look at the "exclusions and obligations" (rules of conduct for the policyholder) in the contracts. These include the definition of the insured event and its triggers.
For example, some contracts contain quite complex "state of the art" clauses or require qualified backup, patch or authorization management, which is often difficult to implement operationally and can lead to disputes in the event of a claim.
The definition of the insured event sets the course for settlement of the claim: certain conditions must be met before a loss is covered.
In the insurance market, however, cyber risks are steadily being removed from non-cyber insurance contracts: cyber-related coverage is excluded from conventional forms of insurance in order to eliminate "unpredictable" risks and to establish cyber insurance as a "stand-alone" solution.
Quite often, even with cyber insurance in place, there are needs that "standard solutions" do not cover. Some obligations are also incompatible with the policyholder's operational activities. This needs to be checked to find out whether your cyber insurance suits your company.
At their core, all products come with assistance, third party and first party coverage. However, the terms and content of the insurance products are very different.
Even well-known comparison portals and rating agencies do not manage to create a deep, uniform and understandable basis for comparison.
Important differences in the content of the general conditions are considered less often, yet they are decisive for suitable coverage.
Cyber insurance covers many risks. However, 100% protection can never be guaranteed. Residual risks include deliberate criminal acts by management or employees, and failures of public infrastructure.
"As much as possible" is the answer given by many consultants. However, one shouldn't pick a coverage amount out of the blue in the hope that it is sufficient. Instead, the coverage amounts should be determined using cyber risk management methods. A business impact analysis (BIA) is therefore recommended to limit and document the sums, since the difference between a sum insured of €1,000,000 and one of €10,000,000 usually amounts to several thousand euros in premiums.
Above a certain risk level, audits by insurers or external specialists are also used. Relevant factors can be company turnover, high sums insured or special risks/industries.
Previous losses are generally not an exclusion criterion. Some insurers are flexible here and will re-evaluate the situation.
Of course, the lessons learned and measures taken from the cyber incident are decisive.
Restrictions in the conditions, reduced sums insured or increased deductibles must be expected.
FAQ: Cyber environment
Cyber crime and cyber risks
"Hackers" are often the first thought, and in fact this form of organized crime poses a great danger. According to the FBI, for the first time ever, cybercrime is outperforming the international drug trade.
Errors by employees or third parties (providers), for example through incorrect data transfers to third parties, mishandling of your own IT or even simple system failures, can also lead to losses.
Ultimately, every company has assets. At the very least, sensitive employee data is an asset particularly worthy of protection, according to DSGVO/GDPR, because its publication entails high sanctions.
Money is the main motivator.
Other motives are: vandalism, recognition, competition, politics, ethics, information gathering and other personal reasons.
In addition to the presumably already catastrophic shutdown of operations, there are often threats of permanently deleting all data or even publishing data that is particularly worthy of protection. Here the attackers' strategy depends on their mode of operation.
In a nutshell, don't expect any help from the government — especially operational help to get your business up and running again.
Although the Federal Office for Information Security provides extensive information on all topics in this area, there is no "mobile task force" or other operational support.
Authorities and the police naturally investigate the criminal offences.