Shadi Razak, the co-founder and CTO of Cynation is concerned by what he sees as a lack of true appreciation for cyber risk across businesses. Companies are buying insurance as a replacement for protection rather than tackling the fundamental issues.
It’s not just about how a company understands it’s own risk, but also quantifying the risk from third parties. Many companies are outsourcing key services today, potentially increasing exposure to attacks via a third party with lower security standards. A traditional “cyber risk audit” can be expensive and may not always be comprehensive. Cynation believes it has identified the 10 key factors that determine a company’s cyber risk and is creating assessment tools around these factors. Above all though, Razak noted, there needs to be full collaboration between companies and insurers; it’s hard to clap with one hand.