Cybersecurity & Data Protection 2018
EXPERT GUIDE
www.corporatelivewire.com
December 2017
Spain
Strategies to minimise loss & damage
By Xavier Marguinaud, Underwriting Manager - Cyber at Tokio Marine HCC
Xavier Marguinaud
xmarguinaud@tmhcc.com
+34 93 530 7439
www.tmhcc.com
Over the last decade there has been an increasing focus on cyber incidents. As the legal landscape evolves, companies have started to realise that there is a need to steer risk managers towards reviewing and adapting their strategies to bear in mind cyber risks.
Taking the classic risk management repertoire (risk acceptance, avoidance, limitation and transfer) as a base, strategies have evolved from a responsive approach to a more proactive one.
In addition, today’s aggressive polymorphic cyber risks have forced risk managers to consider “cyber resilience”, a concept that is rapidly gaining recognition within the community.
Cyber resilience is the ability to continuously conduct business despite adverse cyber incidents. People are still confusing security (which is a static but nevertheless important risk mitigation element) with resilience, “the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions.”¹
After talking it over with many Executive Directors, CISOs, Risk Managers and hackers, I am convinced that the appropriate and relevant balance between security (prevention, detection, correction) and resilience (anticipation, adaptation, readiness) must be struck by companies when considering cyber threats.
In this article, I have included a mix of what I consider to be today’s relevant and complementary strategies for minimising loss and damages in relation to any type of cyber incident.
“Prevention is better than cure!”
Like a boxer twisting to avoid his opponent’s jabs, the best strategy to minimise loss and damage arising from cyber events is to avoid them!
The importance of this strategy is often underestimated, yet it is one of the most relevant when wanting to reduce cyber security incidents related to human error. According to Cyence,² “most cyber events are driven by human and behavioural factors”, so it is easy to understand how dedicated training and awareness campaigns (IT security, data management, social engineering risks...) could have a positive impact on such a dramatic trend.
Being consistent and involving all employees is also vital, so having, sharing and regularly reviewing an information security policy (and other behavioural policies) makes sense.
Furthermore, and as we constantly remind our clients, training people is also a way of reinforcing your first and maybe best line of defence against a cyber incident; so, do not underestimate the power and importance of your staff.
Finally, a smart and flexible patch management process is also a key preventative element as it allows the company to secure its perimeter and, as such, decreases the opportunities for malicious actors to gain access to the company’s network.
In a nutshell, preventative solutions are useful as they can reduce the likelihood of an event occurring. Companies should invest appropriately in these types of measures.
“Make the hacker’s life hell!”
But what if someone gets into your system?
In this case, to minimise potential loss and damage, another complementary strategy would be to set up relevant protective elements that limit the impact of potential human errors or make any cyber intrusion more difficult to carry out.
Companies should make sure that their networks are segregated in order to stop any virus from spreading and to make lateral movement slow and difficult. If appropriate, access and password management processes should be designed so as to limit a hacker’s progress in a defined system. Encryption technology could render sensitive data useless should it fall into enemy hands.
Obviously, the intention is not to encrypt all data but rather the data that a company considers non-public and of vital importance. For this, companies should regularly carry out risk mapping exercises that include the crucial step of identifying, locating and classifying data.
Fortunately for companies there are many protective measures that can be taken; the ones mentioned above are just a few examples of useful available tools.
Protective measures need to be taken in order to make a hacker’s job as difficult as possible.
“Enemy at the gates, prepare for battle!”
Concurrently with the protective strategy, companies should work on efficient detection and event escalation solutions and procedures.
Of course, detection is key in any comprehensive cyber resilience strategy as it is what would naturally link protective measures to the company’s response to an attack. For this an active Intrusion Detection System (IDS), also known as an Intrusion Prevention System (IPS), is recommended. This kind of device or software application monitors networks or systems for malicious activity. It not only reports an intrusion to an administrator or Security Information and Event Management (SIEM) system but also takes automated actions in order to contain the intrusion (blocks traffic, drops malicious packets, resets connections, etc.).
Obviously, a serious mistake would be to only monitor traffic approaching the perimeter of the company’s network (in a battle analogy this would be the fortification), whilst overlooking internal traffic (perhaps the enemy is already in the courtyard or dungeon?).
Detection of course is good, but knowing how to react is better. Having a regularly tested and reviewed escalation protocol along with clear incident management guidelines is no longer a luxury but a necessity.
A recent study³ has highlighted a direct and very often significant correlation between the ability to quickly identify and contain a cyber event and the cost of the incident. So whilst the need to detect an incident is really important, the ability to contain the incident is even more so.
A company’s readiness for potential cyber incidents is of utmost importance and this demonstrates both a reassuring level of humility and maturity. Investing in this “being ready” strategy could take on different, but nonetheless complementary, forms.
Companies should have an in-house or outsourced, dedicated cyber incident response team. This would definitely be a game changer in case of a cyber incident, as knowledgeable, experienced and trained people would be more efficient and straight-to-the-point when analysing, taking decisions and implementing solutions.
Those companies that have a large geographical footprint should also consider having local relays in addition to a centralised Computer Emergency Response Team (CERT), as response is time critical. For this very same reason, it is highly advisable to draw up an Emergency Response Plan (ERP) for immediate decisions and actions as well as a Business Continuity Plan (BCP) to manage more complex situations and higher-impact incidents (network redundancy, backups or other business interruption counter-measures...).
Furthermore, companies should always keep in mind that “the supreme art of war is to subdue the enemy without fighting”.⁴ For this, anticipation is key. Companies should have recourse to threat intelligence (to understand trends and anticipate future behaviour and modus operandi) and other risk analytical reports. In my opinion, not enough companies have this presently.
Last but not least, on the list of ways to be cyber ready, another way to anticipate a potential intrusion would be “empathy”. Companies should try to understand what an external hacker or an insider could achieve, by performing white box or black box penetration tests.
There are, of course, many strategies that can help minimise loss and damage. In this article I have outlined some of the more proven measures that currently exist and should be implemented in order to be a more cyber resilient company. However, the cyber landscape is constantly evolving and risk managers should factor in cyber risks and stay abreast of developments as well as count on an expert insurer who can advise and offer complete coverage; one that contemplates the before, during and after scenarios of a cyber incident.
Xavier Marguinaud is Underwriting Manager – Cyber, overseeing and coordinating Tokio Marine HCC’s Cyber strategy for EMEA, APAC and LATAM. Previously, Xavier worked at Marsh as NZ Cyber Risk Specialty Head and as Financial Lines Senior Risk Advisor as well as Cyber Product Champion in France. He launched his career in the Risk and Insurance department of Publicis Groupe.
1. US Department of Homeland Security, What is Security and Resilience, www.dhs.gov
2. Cyence, Cyber threats: People, Process and Technology, www.cyence.net
3. Ponemon Institute Research report, 2017 Cost of Data Breach Study.
4. Sun Tzu, The Art of War.
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creations
 

Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec

  • 1. Cybersecurity & Data Protection 2018 EXPERT GUIDE www.corporatelivewire.com
  • 2. December 2017. Expert guide: Cybersecurity & Data Protection 2018

Spain. Strategies to minimise loss & damage. By Xavier Marguinaud, Underwriting Manager - Cyber at Tokio Marine HCC (xmarguinaud@tmhcc.com, +34 93 530 7439, www.tmhcc.com)

Over the last decade there has been an increasing focus on cyber incidents. As the legal landscape evolves, companies have started to realise that there is a need to steer risk managers towards reviewing and adapting their strategies to bear in mind cyber risks.

Taking the classic risk management repertoire (risk acceptance, avoidance, limitation and transfer) as a base, strategies have evolved from a responsive approach to a more proactive one.

In addition, today’s aggressive polymorphic cyber risks have forced risk managers to consider “cyber resilience”, a concept that is rapidly gaining recognition within the community.

Cyber resilience is the ability to continuously conduct business despite adverse cyber incidents. People are still confusing security (which is a static but nevertheless important risk mitigation element) with resilience, “the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions.”1

After talking it over with many Executive Directors, CISOs, Risk Managers and hackers, I am convinced that the appropriate and relevant balance between security (prevention, detection, correction) and resilience (anticipation, adaptation, readiness) must be struck by companies when considering cyber threats.

In this article, I have included a mix of what I consider to be today’s relevant and complementary strategies for minimising loss and damages in relation to any type of cyber incident.

“Prevention is better than cure!”

Like a boxer twisting to avoid his opponent’s jabs, the best strategy to minimise loss and damage arising from cyber events is to avoid them!

The importance of this strategy is often underestimated, yet it is one of the most relevant when wanting to reduce cyber security incidents related to human error. For Cyence2, “most cyber events are driven by human and behavioural factors”, so we easily understand how dedicated trainings and awareness campaigns (IT security, data management, social engineering risks...) could have a positive impact on such a dramatic trend.

Being consistent and involving all employees is also vital, so having, sharing and regularly reviewing an information security policy (and other behavioural policies) makes sense.

Furthermore, and as we constantly remind our clients, training people is also a way of reinforcing your first and maybe best line of defence against a cyber incident; so, do not underestimate the power and importance of your staff.

Finally, a smart and flexible patch management process is also a key preventative element as it allows the company to secure its perimeter and, as such, decreases the opportunities for malicious actors to gain access to the company’s network.

In a nutshell, preventative solutions are useful as they can reduce the likelihood of an event occurring. Companies should invest appropriately in these types of measures.

“Make the hacker’s life hell!”

But what if someone gets into your system?

In this case, to minimise potential loss and damage, another complementary strategy would be to set up relevant protective elements that limit the impact of potential human errors or make any cyber intrusion more difficult to carry out.

Companies should make sure that their networks are segregated in order to stop any virus from spreading and to make lateral movements slow and difficult. If appropriate, access and password management processes should be designed so as to limit a hacker’s progress in a defined system.

Encryption technology could render sensitive data useless should it fall into enemy hands. Obviously, the intention is not to encrypt all data but rather those that a company considers non-public information and of vital importance. For this, companies should regularly carry out risk mapping exercises that include the crucial step of identifying, localising and classifying data.

Fortunately for companies there are many protective measures that can be taken; the ones mentioned above are just a few examples of useful available tools.
  • 3. Protective measures need to be taken in order to make a hacker’s job as difficult as possible.

“Enemy at the gates, prepare for battle!”

Concurrent to the protective strategy, companies should work on efficient detection and event escalation solutions and procedures.

Of course, detection is key in any comprehensive cyber resilience strategy as it is what would naturally link protective measures to the company’s response to an attack. For this an active Intrusion Detection System (IDS), also known as Intrusion Preventive System (IPS) is recommended. This kind of device or software application monitors networks or systems for malicious activity. It not only reports an intrusion to an administrator or Security Information and Event Management (SIEM) system but also takes automated actions in order to contain the intrusion (blocks traffic, drops malicious packets, resets connection etc.).

Obviously, a serious mistake would be to only monitor traffic approaching the perimeter of the company’s network (in a battle analogy this would be the fortification), whilst overlooking internal traffic (perhaps the enemy is already in the courtyard or dungeon?).

Detection of course is good, but knowing how to react is better. Having a regularly tested and reviewed escalation protocol along with clear incident management guidelines is no longer a luxury but a necessity.

A recent study3 has highlighted a direct and very often significant correlation between the ability to quickly identify and contain a cyber event and the cost of the incident. So whilst the need to detect an incident is really important, the ability to contain the incident is even more so.

A company’s readiness for potential cyber incidents is of utmost importance and this demonstrates both a reassuring level of humility and maturity.

Investing in this “being ready” strategy could take on different, but nonetheless complementary, forms.

Companies should have an in-house or outsourced, dedicated cyber incident response team. This would definitely be a game changer in case of a cyber incident, as knowledgeable, experienced and trained people would be more efficient and straight-to-the-point when analysing, taking decisions and implementing solutions.

Those companies that have a large geographical footprint should also consider having local relays in addition to a centralised Computer Emergency Response Team (CERT), as response is time critical. For this very same reason, it is highly recommendable to draw up an Emergency Response Plan (ERP) for immediate decisions and actions as well as a Business Continuity Plan (BCP) to manage more complex situations and more impacting incidents (network redundancy, Backups or other Business Interruption counter-measures...).

Furthermore, companies should always keep in mind that “the supreme art of war is to subdue the enemy without fighting”4. For this, anticipation is key. Companies should have recourse to threat intelligence (to understand trends and anticipate future behaviour and modus operandi) and other risk analytical reports. In my opinion not enough companies have this presently.

Last but not least, on the list of ways to be cyber ready, another way to anticipate a potential intrusion would be “empathy”. Companies should try to understand what an external hacker or an insider could achieve, by performing white box or black box penetration tests.

There are, of course, many strategies that can help minimise loss and damage. In this article I have outlined some of the more proven measures that currently exist and should be implemented in order to be a more cyber resilient company. However, the cyber landscape is constantly evolving and risk managers should factor in cyber risks and stay abreast of developments as well as count on an expert insurer who can advise and offer complete coverage; one that contemplates the before, during and after scenarios of a cyber incident.

Xavier Marguinaud is Underwriting Manager – Cyber, overseeing and coordinating Tokio Marine HCC’s Cyber strategy for EMEA, APAC and LATAM. Previously, Xavier worked at Marsh as NZ Cyber Risk Specialty Head and as Financial Lines Senior Risk Advisor as well as Cyber Product Champion in France. He launched his career in the Risk and Insurance department of Publicis Groupe.

1. US Department of Homeland Security, What is Security and Resilience, www.dhs.gov
2. Cyence, Cyber threats: People, Process and Technology, www.cyence.net
3. Ponemon Institute Research report, 2017 Cost of Data Breach Study.
4. Sun Tzu, The Art of War.