It’s finally Week 1 of National Cyber Security Awareness Month and this year’s theme is #BECYBERSMART. By the end of the month, our journey each week will help you be just that.
As we begin our journey, we must first understand that everyone is at risk. Everyone means everyone. For more than a decade I have been repeatedly told by an agent that their customer says, “we don’t have any risk.” Therefore, our Week 1 topic is Understanding Why Anyone Is At Risk.
A fundamental flaw in Cyber Liability Insurance is its very name. Human beings are funny in how we see the world. Our nature is such that we want to buy things that matter to us. This dynamic is true in what we buy, where we shop, and what we spend. It is a behavior pattern.
With this in mind, most of small business America tells you they have no risk. This “have no risk” mindset comes from a “not yet” reality they live in. It means that I have had no event; therefore, I surely have no risk. The old saying of “it’s not if but when” is likened to the boy who cries wolf. So why does everyone think they are not at risk, and why is that the reason they use the most to not purchase Cyber Liability Insurance? Perhaps it’s partly in the name.
What is Cyber Liability Insurance really covering and what is it going to protect me from? Ask this question and you will find you get a lot of different answers, none of them wrong, but none of them right either. If many people answer this question many ways, it is easy to understand why so many have a perception they do not need it. Let’s start with the premise that everyone is at risk and illustrate why this is.
Cyber Liability Insurance is actually a digital assets package policy (DAPP) providing coverage for both the liability issues arising from a covered act and the first party loss/expense as a result of that covered act. Now if you speak like that to Joe Smith in Mainstreet USA, his eyes will glaze over. Talk his language: it covers you if you get sued or get fined for some kind of Cyber risk (liability), and it covers your costs to restore it to new (property).
Even with this explanation, most still do not see the risk, but they now understand the insurance. We are halfway there. The other part is to explain the risk, and to explain the risk, we need to revisit behavior patterns.
The interesting thing about behavior patterns is that they do not just influence what we buy, but they are also the biggest risk to commercial businesses in 2020 for causing the Cyber event they think they won’t have. It is almost like Cyber Karma. As we will explore in later entries, employees are ground zero for the overwhelming majority of ransomware, phishing, BEC and other types of security breach and privacy compromise events. As such, the focus needs to be on the employee despite all of your best security policies, programs, processes and efforts.
Simply put, you are at risk unless behavior patterns are changed by those you employ. I explain it like this:
I own a house. It has windows and doors, which I keep locked. I have a Ring Video Doorbell system, along with a security system, outdoor lighting, and a yard that is fenced. I have a lot of layers of security in my house to keep me safe. My son went out last night after 10 PM when we were asleep. He turned the alarm system off and took the car out. He forgot to close the garage door when he left, and thieves walked right in and stole the china. Not real, but it gives you an idea that despite all you do to protect your stuff, it only takes one teenager to pull the plug.
Or I am cooking outside in the backyard and have a large party going on. Friends and family and even some people I don’t know have all stopped over to celebrate summer. At this point my family and I are outside in the backyard, and people we don’t know are being let right in through the front door. Once in, they are free to pilfer the pantry and loot the laundry room.
The point is, we are all at risk, and it is coming from within. Your concern is not whether or not you have locked the doors. Your concern needs to be more on who you open the door for.
Next week join us as we add a little more detail to behavior patterns and how we can work to change them to make us all a better risk as we look at The Means to an End in the Digital Age.