People make the difference when striving for cyber resilience
When protecting the digital interests of public entities, the biggest concern continues to be the people. That’s according to a recent Denver lunch and learn hosted at IMA, Inc. that welcomed a panel of experts specializing in cyber risk.
"Employees are at least 60 percent of the cause of data breaches,” said Brian Branner with Risk Analytics. “It’s important to mix proactive and reactive defense when thinking about protection. Because once they get in, it moves very very fast.”
When you mix the unique ingredients of a broad set of confidential information, interwoven agencies, limited resources and politics, the stakes continue to rise.
“Public entities have a lot of extra information as a part of their day-to-day work. Court records, prison information and child welfare data all lead up to much more than just a potential financial loss,” said the panelist David Navetta of the law firm Norton Rose Fulbright. “All of a sudden politics, HIPPA fines and a social media backlash can create something very ugly.”
But another key message from the panel was that when you strive to be cyber resilient, your protection and response helps mitigate the possible attack. The panel stressed the importance of being proactive in your defense by talking with a broker like IMA to help navigate more than 60 different products to choose from. Being proactive by understanding your plan also allows for a much more efficient response.
“If this isn’t your day job, then navigating a data breach and compliance can be daunting,” said Tim Burke, director of cyber risk for IMA, Inc. “One of the perks of coverage is it often comes with immediate access to qualified resources including a data-breach coach to understand your obligations. By partnering with IMA you have an immediate incident response plan and risk transfer solution.”
Do you have senior leadership buy-in?In the current environment of probable attacks and swift public judgment, preparedness is key. How would your organization’s due diligence be judged in the court of public opinion? When preparing your mission-critical cyber risk plan, IMA suggests public organizations start by asking the following questions:
- What types of information do you collect?
- Where is your information stored?
- Where is it sent?
“The shift has moved from being reactive to preparedness and readiness,” Burke said. “Protecting your digital assets is mission critical.”
For information on how your organization can be cyber resilient, contact IMA today.