Brokers placing cyber insurance should advise their commercial customers that it’s not enough to just have a plan to respond to computer security breaches they need to test the plan, or “red-team” it.
“An incident response plan is not fully implemented and useful until it has been tested,” Terri Mason, assistant vice president of cyber and professional liability at CNA Canada, said in an interview Thursday with Canadian Underwriter.
Brokers may not be information technology experts, but they can still advise clients to make sure they have a plan to respond to cyber security incidents, said Mason. An incident response plan provides “detailed instructions” for responding to incidents such as distributed denial of service attacks, data breaches, employee error, virus and malware outbreaks.
Continue reading the full article published by Canadian Underwriter.