October is Cyber Security Month. Somerset CPAs and Advisors encourages our client leadership to have a deep understanding of their organization’s cyber threats. Knowing is the first step in minimizing risk! Somerset’s here to help.
TOP TEN THINGS CEOs, CFOs, AND CONTROLLERS SHOULD KNOW ABOUT CYBER SECURITY
- What are the organization’s most valuable digital assets? Cyber attacks and security breaches will continue to occur and will negatively impact the business. Looking at your firm’s most valued systems will also signal where your organization’s biggest risks and vulnerabilities lie.
- How much cyber liability insurance coverage is necessary to financially protect the company’s assets?
- What is your organization’s risk of a cyber breach? According to most cyber security surveys, over 60% of all data breaches originate from unauthorized access from one of the organization’s current employees, former employees or third-party suppliers.
- Has the organization created an insider-threat program to mitigate the risk of a cyber breach from within the organization?
- What actions should your organization take to ensure real cyber security? Achieving compliance with one or more government or industry standards for information security (e.g. ISO 27001, NIST 800-171, HIPAA, NYDFS, AICPA SOC, etc.) is good, but not sufficient to ensure real cyber security.
- Has the organization had an independent email and network threat assessment recently conducted? If so, what were the results?
- Has the organization had an independent assessment of the adequacy of cyber liability insurance coverage? Cyber liability insurance premiums are significantly increasing in cost and often do not cover all of the damages caused by a cyber breach.
- Does the organization have the internal resources necessary to perform MDR (Monitoring, Detection, and Response) work, or does it need to outsource these efforts? If so, how much will it cost? To achieve real information security and data resilience it is vital to combine managed MDR with Managed Security Services (MSS).
- Does the organization have a comprehensive incident response (IR) plan, disaster recovery (DR) plan and business continuity plan (BCP)?
- If the organization is attacked by ransomware, is it going to pay the ransom? If so, how much should be budgeted? Will it be covered by cyber liability insurance coverage?