Companies, like people, easily succumb to a false sense of security. Just because you have homeowner’s insurance doesn’t mean you shouldn’t tend to aging trees or leaky pipes. The same holds true for cybersecurity strategies.
Insurance is there ‘just in case,’ but in the case of a cyber-attack it’s just a matter of when. That said, businesses need to mitigate their risk of breaches just as much as homeowners need to reduce their risk of property damage!
Just review the case between Mondelez, the company which owns brands like Oreo and Nabisco, and Zurich Insurance. Following a 2017 NotPetya attack, Mondelez filed a claim on its policy with Zurich. However, it was denied based upon an exclusion in the policy regarding “hostile or warlike action in time of peace or war.” Of course, Mondelez then filed a lawsuit against Zurich, the outcome of which is currently unknown.
Cyber insurance may be prudent to have; however, a solid cybersecurity plan is a must-have. As seen in the Mondelez-Zurich case, the safety net of a policy rests on attack specifics. That said, businesses that also invest (heavily) in developing and growing strategic, comprehensive information security strategies will be better positioned to respond when ‘the house is breached… by a tree (aka hacker).’
As breaches and awareness of them increase, do you think more companies will begin approaching cybersecurity as a business priority and invest accordingly? As the need increases, will the supply of qualified (note I said qualified, not degreed) infosec professionals grow rapidly enough? There’s already a ‘gap’ between the number of professionals and the number of available infosec jobs.
But what if the field of professionals isn’t quite as small as it’s been labeled? What if it’s the identifying and hiring process that’s more problematic? There’s often a disparity between a company’s job description, the role in ‘real-life,’ and the background/skills on a person’s resume. The disparity, however, is often a perceived one, due to a lack of understanding by a recruiter or hiring manager (or job board algorithm).
Collaborating with an established recruiting firm that specializes, exclusively, in cybersecurity can help mitigate this disparity. Ashling Team’s cyber-focused recruiters understand infosec roles and how various skill sets and experiences apply, or even serve as stepping stones, to a myriad of infosec roles across various industries. Ashling focuses on aligning people with opportunities, and companies with the opportunity to hire the people who will help ‘safeguard the house against breaches.’