To understand this statement, think of a cyber liability policy the same way you think of car insurance.
Let’s assume you have a fancy car that you got insured. Now, getting car insurance does protect you if:
- You have an accident
- Your car gets stolen
- Someone else’s car gets damaged because of your accident
The list goes on. But does this mean you can now drive recklessly because you have insurance?
Absolutely not.
Insurance only kicks in after an incident takes place. The onus of driving safely and following road safety rules still lies with you.
This is exactly how you should treat cyber liability.
Beyond a shadow of a doubt, you can outsource cyber liability. In fact, it is recommended that you protect yourself in the event of a breach. However, practicing cyber hygiene to prevent a data breach from ever happening is still your responsibility.
Cyber security - A shared responsibility
‘Your’ responsibility here does not refer only to the dedicated IT department. While it is their duty to oversee cyber security, every asset of the company is responsible for it.
From the interns to the members of the board, everyone should practice and internalize the measures that make up a robust cyber security policy laid down by the IT department.
Communication is key
What is important here is to make employees at various levels understand the risks of a potential data breach. It is not enough to have a seminar at regular intervals. The cyber security or IT department needs to put the risks across in a way that each audience can comprehend. For instance, members of the board can grasp the potential risk of a threat in terms of revenue lost. This requires tools and unwavering, constant communication between the IT department and the rest of the company.
The bottom line here is that while you can outsource a service, you cannot outsource risk.