Canadian Underwriter

Cyber response should not involve ‘running around panicking’

April 23, 2018   by Greg Meckbach


Clients buying cyber insurance can only be prepared for the risk of a computer security breach if senior executives practice beforehand, a commercial insurer executive told Canadian Underwriter Friday.

Corporate clients need to hold “table top exercises,” meaning they gather not only computer professionals but senior executives in a room, said Dan Trueman, global head of cyber at Axis Capital Holdings Ltd., in an interview. During those exercises, the clients should be presented with a scenario – such as a malware attack on their computer system – and asked what they should do.

During a table top exercise the client has to “think through” how they would deal with a crisis, he said. “The reality is, the first time you confront the challenge that you are faced with, when you deal with a crisis management situation, should not be in a crisis,” Trueman said.

A table top cyber security breach exercise should involve “exactly the same people who would be around the table if an event happened,” said Trueman, who is based in London, England. “In making this as realistic as possible, there is no point in having the senior management too busy to do the tabletop,” he said. They are the ones who would deal with it when the event actually happens.

Bermuda-based Axis announced April 16 its Cyber Center of Excellence, whose services will include cyber modelling and education. Tabletop exercises should be as realistic as possible, Trueman said. “That does not just mean people running around panicking,” he added. What it does mean is predicting what computer security incident could affect you and then practising how you could react. “If you are an organization that has a supply chain vulnerability you should be looking at that type of crisis, not necessarily just a data breach, when you are doing a cyber exercise,” said Trueman. “If you are an organization that is collecting data and the most likely event you would face is a large data breach, that is the sort of exercise you would focus on.”