Issue link: https://nebusinessmedia.uberflip.com/i/1510339
HARTFORDBUSINESS.COM | OCTOBER 30, 2023 31 Connecting people, risk, and strategy to redefine your possibilities I n today's digital age, cyber threats are becoming increasingly common and sophisticated. Organizations are vulnerable to a wide range of cyber threats including data breaches, ransomware attacks, and phishing/social engineering scams. These attacks can have serious consequences, including financial losses, reputational damage and legal liabilities. Fortunately, there are steps employers can take to mitigate these risks, making cybersecurity a top priority of the C-suite. 1 What are particular aspects that risk vs human resources professionals should be aware? Risk managers and human resources professionals play particularly critical roles in addressing these challenges by identifying potential threats, educating the workforce and implementing risk management strategies. To begin with, a comprehensive risk assessment can identify potential cybersecurity threats and vulnerabilities. This assessment should include a review of the organization's IT infrastructure, data protection policies and employee training programs. Based on the results of this assessment, employers can develop a risk management strategy that includes measures such as implementing access controls, encrypting sensitive data and conducting regular security audits. Risk managers should also consider purchasing cyber risk insurance to protect the organization from poten- tial losses in the event of a cyberse- curity incident. Comprehensive cyber risk insurance policies can provide coverage for a range of losses, including data breaches, business interruption, ransomware, regulatory fines and penalties and liability claims. Risk managers should work with their insurance broker to identify the appropriate coverage options for their organization based on their specific needs and risk profile. Having a comprehensive incident response plan which outlines the steps to be taken in the event of a cyber-attack is critical and should include procedures for identifying and containing the attack, as well as notifying relevant stakeholders, such as customers and regulatory authorities. Cyber-attacks can't all be prevented, but employers can mitigate their risk by identifying potenti al threats, developing a strong cyber culture and implementing risk management strategies including strong employee education. By purchasing cyber risk insurance and implementing effective cybersecurity controls, employers can help protect their organizations from poten tial losses and reputational damage in the event of a cybersecurity incident. SPONSORED CONTENT Cyber Threats – Critical Info for Both Human Resources Professionals and Risk Managers by Mercer and Marsh 2 What can you do to stay up-to-date on this rapidly-changing area? Due to the speed with which new threats emerge, it is critical to stay up to date on the latest cybersecurity threats and trends and work with IT and other departments to implement best practices for protecting sensitive information, authenticating access and monitoring the organization's network for suspicious activity. Employers can provide cybersecurity training to employees to raise awareness of the latest threats and best practices for protecting sensitive information. This training could include regular phishing simulations to test employees' awareness and provide feedback on areas for improvement. In addition to employee training and education, organizations should also focus on building a strong cyber culture that emphasizes the importance of cybersecurity at all levels of the organization. This can involve everything from creating a dedicated cybersecurity team that is responsible for monitoring and responding to potential threats to outlining expectations for employee behavior and responsibilities including topics such as password management, data protection and incident reporting. HR can conduct background checks on new hires to ensure that they do not pose a risk to the organization's cybersecurity as well as implement access controls to limit the risk of insider threats and ensure that employees only have access to the information they need to perform their job duties. 3 What should I do to protect my organization? Of course, even with a strong cyber workforce resilience strategy in place, incidents can still occur. For more information contact: Meg Galistinos Partner Connecticut Office Leader Mercer Meg.Galistinos@mercer.com Steve Toffolon Managing Director Resident Executive Hartford Marsh Stephen.A.Toffolon@marsh.com RESOURCES: Mitigating risk by improving cyber workforce resilience Best practices for cyber incident readiness