The insurance industry is built on data—sensitive financial, health, and personal data—and must do everything in its power to protect that data from criminals. This requires protecting business operations while simultaneously mitigating the risks, including the financial impact, of cyber attacks. In addition, insurers must comply with recent cybersecurity laws and regulations or be prepared for enforcement penalties, as well as civil liability, when data breaches occur. Organizations can’t assume that the costs of breaches will be covered by their cyber liability policies.

Today, cybersecurity risk management needs to be an enterprise-wide risk initiative for insurers—one to be controlled across the entire organization, not strictly a technical process for IT departments to handle. Where to start, and how to incorporate best practices, can seem overwhelming.