The current cyberrisk landscape comprises a range of evolving threats, from phishing schemes to third-party vendor vulnerabilities. Companies looking to secure valuable assets, including data, can better prevent and manage cyberattacks by consistently assessing these threats and any potential weaknesses, starting with taking into account the below considerations.
- Is your company’s cyberrisk being managed by the appropriate risk assessment and management programs?
- Where is your company with respect to developing and communicating internal controls, policies, procedures, and standards?
- Does your company have controls in place to restrict, manage, and monitor authorized access to the network?
- Is there ongoing training in place to help prevent and detect cyberattacks against your organization?
- Are you able to effectively manage the unique risks involved to mitigate the potential loss of company information maintained by third parties?
- How strong is your governance and management of cyberrisk?
- Have you properly addressed disclosure and notification requirements and unique jurisdiction issues?
- Are you prepared to address unique requirements such as a mandatory written information security program, disposal standards, or a New York State Department of Financial Services annual certification requirement?
- Does your company have insider trading controls in place to address issues after a cyber matter is discovered?
- Is your company conducting legal review of key phases of its cybersecurity and privacy program?
In our recent Technology Marathon program, “Cyberinsurance: Is Your Company Covered?” we tackled ongoing cyberrisk developments and coverage of cyberinsurance, including key elements of coverage, recent trends on coverage issues, and critical factors your company should consider as part of your overall cybersecurity protection strategy.
Media Module - Datasource Item: Considerations When Assessing Your Companys Vulnerability to a Cyberattack