Information security and cyber risk have risen to prominence in recent years, and their potential impact should not be overlooked. With increased emphasis on how businesses must defend themselves and increased scrutiny on what must be done to handle the future effects of a cyber incident, insurance is becoming an increasingly valuable component of the solution. However, there are issues.
For instance, businesses purchase cyber insurance expecting that it will automatically protect them against the risks they face, but how can the insurance industry be certain that its customers are playing their part to maintain the cover provided?
We continue to hear of organisations failing to take even the most minimal compliance steps to protect and sustain their security capability. This is the gap ISO 27102 is intended to close.
“ISO 27102 provides guidelines for adopting cyber insurance as a risk treatment option to manage the impact of a cyber incident within the organisation’s information security risk management framework,” according to ISO/IEC JTC 1/SC27 DIS 27102 – Information security management guidelines for cyber insurance.
In practice, this means that ISO 27102 attempts to structure the cyber insurance situation by focusing on the insured and outlining the main procedures that can be handled or implemented as part of the measures insurers are likely to require. The standard examines the types of losses that are insured and the safeguards that must be in effect to satisfy insurance companies.
According to ISO/IEC 27102, an ISMS “will provide the insured and insurer with information, records, and paperwork that can be used during the implementation, extension, and life of the cyber-insurance policy. The content of ISO 27102 is built on the procedures and proposed capabilities contained in the broader ISO 27000 family of information security standards, and as a result, there may be some degree of compatibility with certain organisations’ existing processes.”
Cyber insurance is a type of insurance that protects against both direct losses and indirect costs caused by a cyber incident.
This includes covering the cost of notification, credit monitoring, identity theft protection, regulatory defence costs and public relations costs among other things. Cyber insurance also covers a wide variety of risks including, but not limited to: data breach, denial-of-service attacks, extortion, distributed denial-of-service attacks and ransom demands, and access to subscriber data stored on your servers by a third party.
These can quickly add up to tens of thousands of pounds if your site is hacked or some of your user data falls into the wrong hands. It’s impossible to overstate the importance of cybersecurity today. Years ago, the biggest worry for individuals or businesses was fire, flood and accidental damage to records.
Today it’s hackers who are constantly trying to get into your systems. Just as no one could afford to be without fire insurance some years ago, it doesn’t make sound economic sense for any business or individual to try to operate without cyber insurance today.
NOTE: Cyber insurance will not resolve any of your cybersecurity concerns immediately, and it will not protect you from a cyber breach or attack. Just as homeowners with homeowner’s insurance are required to have appropriate protective measures in place, organisations must take steps to safeguard their most valuable assets.
Cyber insurance will only assist your organisation with gaining back its footing in the event that anything cyber-related goes wrong. Apart from mitigating business interruption and offering financial security in the event of an incident, cyber insurance can assist with any subsequent legal and regulatory actions.
A cyber incident may have a number of negative consequences for an organisation.
ISO 27102 establishes guidance that an organisation can adopt when considering buying cyber insurance as a risk control option for mitigating the effects of a cyber incident within its information technology risk management system.
The purpose of ISO 27102 is to suggest recommendations for organisations to:
This standard is compatible with organisations of all forms, sizes and types, supporting them in preparing for and purchasing cyber insurance. ISO 27102 also seeks to address the following:
According to the World Economic Forum’s 2015 Global Risk Study, technological threats such as data theft, cyber-attacks, and technology failures rate among the top ten global economic risks.
Given the magnitude of these threats, it is critical that we begin exploring market-driven strategies for enhancing the protection of organisations that hold personal information. One such approach is cyber insurance. However, a set of guidelines or a framework will help organisations speak the same language when it comes to cyber insurance, regardless of industry or location. This is one of the core benefits of adopting the ISO 27102 standard for cyber insurance.
At ISMS.online, we leverage our expertise and cutting-edge technology to provide a cloud-based platform that enables you to demonstrate compliance with the cyber insurance standard. Our platform can help you demonstrate that your ISMS meets the basic requirements to complement your cyber insurance checklist.
ISMS.online also provides a Virtual Coach that offers 24/7 context-specific support. You can chat with us from within our platform, so you’ll never take the wrong step or lose your way. Call ISMS.online on +44 (0)1273 041140 to find out more about how our platform can help you run an integrated management system that works well with your cyber insurance framework.