People in Insurance: Changing the Conversation

How can brokers better advise clients with deficient cybersecurity architecture? What steps can we and our clients take to raise our cyber resilience and reduce the potential damage of an attack?

Businesses that haven’t suffered a cyberattack are in the minority, or alternatively, they simply haven’t discovered that it has happened yet. Infoprotect reports that 51% of businesses have suffered from a cyberattack or breach in the past year alone. In this episode of the Insurance Broker Podcast, returning guest Brad Fraser, CEO of Infoprotect, speaks about how we can improve the cybersecurity scaffolding that is so crucial for our data-centric industry, within our own businesses and those of our clients. In conversation with Boston Tullis’ Sarah Myerscough, he explains that while we are all potentially susceptible to a cyberattack, we need not cower in fear of this possibility. He outlines a straightforward and systematic approach for improving your cyber resilience, without deploying any of the jargon that often makes such advice inaccessible.

 

Quote of the Episode

“[Left of bang is] a term that was coined by the military, I think in the Iraq War. It's about being prepared and able to protect yourself before the attack happens. Be aware of your surroundings, have a situational awareness, and make sure that you've taken all the steps, because the last thing you want to happen is an attack to take place, and you're not prepared. Then you have to launch into a survival mode and scramble to get everything sorted out, and you suddenly realise, ‘I didn't do the basics. So, it's about situational awareness. When it comes to cyber, it's really around resilience… Just being resilient, and following the steps that can help you be resilient is so important.”

Much of the advice often distributed with regards to cybersecurity is retrospective, and only applicable after an attack has already taken place. Brad emphasises that to truly minimise the risk of such attacks, we must implement an array of systems and procedures by which they can be warded off. He offers a ten-step plan for building cyber resilience, also outlined in a blog on the Infoprotect website linked below, through which both small businesses and large enterprises can assess the state of their cybersecurity and implement measures for improving it. In doing so, you can ensure that your business and your clients can always remain ‘left of bang’ of any potential cyberattack.

 

Key Takeaways

When you’re putting out fires in your day-to-day work, it’s easy to overlook good procedures for maintaining healthy cybersecurity, and to allow any deficiencies within your digital infrastructure to go unchanged. Such nonchalance is exactly what cyber attackers aim to identify and exploit when targeting businesses.

Brad asserts that we must take a proactive approach to managing cybersecurity and building cyber resilience. He argues that this must begin with a comprehensive risk assessment of your digital infrastructure, thereby establishing a baseline from which your systems can become more resilient to attack.

Data has become the backbone of our industry, and therefore its secure storage and management is paramount. If our data is compromised in a cyberattack, the fallout will not simply be the loss of money and resources attributed to recovering it, but also the reputational damage of having insufficient cyber resilience. Brad argues that good data security is hinged upon several often underexamined areas of cyber resilience:

• Asset Management – how is your hardware and software infrastructure built to ensure that systems are impenetrable?
• Vulnerability Management – once you have cybersecurity software, are you keeping it up to date? What condition is it in?
• Identity & Access Management – who can access the various systems within your business?

Instilling cyber resilience is not about raising hysteria about the prospect of cyberattacks. Rather, once you’ve got a plan, you become prepared, and able to respond in the event of an incident. Cyberattacks should be assessed and planned for like any other tangible emergency. To facilitate this, it’s key to de-jargonise the conversations happening within this space, so that brokers and their clients alike are able to more easily comprehend the importance of cyber resilience measures, to prevent the worst from happening.

Infoprotect offer a cyber resilience package to help brokers with managing their clients’ cybersecurity. To find out more, visit their website linked below, or contact Brad, who is happy to help!

 

Best Moments/Key Quotes

“Who has got access to your data? And what do you do with it? Do you encrypt it? Do you keep it in a separate repository? Do you keep it offsite? Do you back it up? What do you do with your data? Your data is so important to your business, and if it is stolen and shared, that's the last thing you want to happen.”

 

“This is not putting fear into people. It's purely saying, ‘Just be ready for this’. It may or may never happen, and if it doesn't happen, well, that's good, isn't it? Who cares if it happens or not? Let's be ready for it. That's the most important thing.”

 

‘We need to make the internet and our whole way of communicating over the internet safer.’

 

“Unfortunately, there's a lot of people out there that are using fear. And they're using jargon and they're using buzzwords and they're saying, ‘You're always going to be in trouble.’ Follow the basics. Get your layers [of cyber resilience], go through those, and you're going to be much better off than people that haven't.”

 

 

Resources

Infoprotect – Cybersecurity: https://www.infoprotect.co.uk/cybersecurity/

Infoprotect – 10 Steps to Cyber Resilience: https://www.infoprotect.co.uk/blog/10-steps-to-cyber-resilience/

OpenText – What is Cyber Resilience?: https://blogs.opentext.com/cyber-resilience-definition/

 

About the Guest

Brad Fraser is the CEO of Infoprotect, an IT solution provider that designs complex technology solutions for clients. He specialises in Cyber Security and Data Backup as well as having a host of experience in security services and managed solutions.

Brad’s LinkedIn Profile: https://www.linkedin.com/in/bradfraserentrepreneur

 

About the Host

Sarah Myerscough is the Sales and Marketing Director of Boston Tullis Group. The founder of The Insurance Brokers Podcast, she brings a wealth of experience and a fresh perspective on communication in the insurance sector. Boston Tullis works with insurance professionals to build effective communication both internally and externally through podcasting, event reporting, videography, and internal communications facilitation.

Website: https://bostontullis.co.uk/ 

Evaluation Link: https://s.bostontullis.co.uk/s/podcastevaluation