Managers on the front line: How to protect against cyber-attacks?

In recent weeks we have seen a dizzying growth in cyber-attacks, with cases such as the cyber-attack in Las Vegas on the MGM Resorts business group, which paralyzed its systems in hotels and casinos and caused losses of around 100 million dollars, and the cyber-attack suffered by the Air Europa airline, which revealed the credit card data of a large number of its customers.

Artificial Intelligence (AI) is undoubtedly helping to detect and thwart cyber-attacks, but it is also enabling cybercriminals, who can use it to increase the speed, accuracy and frequency of their intrusion attempts.

Senior management must give priority to this issue, since the impact that an organization may suffer as a result of a cyber-attack can have serious financial and reputational consequences, as well as civil liability to third parties, and/or even the imposition of heavy penalties by the authorities.

Add to this an increasingly complex regulatory environment with higher fines, and it is not surprising that Boards of Directors are becoming increasingly concerned about this issue.

Within this framework, the management bodies, being ultimately responsible for any cyber incident suffered by the company, must use all the means at their disposal to guarantee the integrity of the organization, its employees and third parties that may be affected by the incident.

Among the main actions to be carried out to secure the organization, the following should be noted:

  • Identify and prepare the Risk Assessment.
  • Incorporate cybersecurity in the Security Master Plan.
  • Train and raise awareness among employees.
  • Implement the Zero Trust policy.
  • Review and update procedures and measures to mitigate exposure to attack.
  • Include investment and renewal of IT systems.
  • Design and update the Incident Response Plan and the Business Continuity and Contingency Plan.

From an insurance standpoint, it should be noted that Directors' and Officers' liability may or may not be covered by the D&O policy and by the cybersecurity policy.

Given these circumstances, brokers are a fundamental pillar in helping companies to protect themselves from these cyber-attacks. They do so through a policy that covers, among others, the interruption of services, the possible destruction of data, the risks derived from the privacy of such data, the reputational damage that these breaches cause to companies and the responsibility of Senior Management, and through the immediate response to the incident, in order to mitigate the impact of the cyber-attack and its possible consequences.

In conclusion, it is essential for Administrators and Managers to have insurance policies that fully protect them against cyber-attacks on their organizations.