If you want to secure your house, would you just lock the doors and forget about the open windows? Time and time again, organizations do just that with their cyber risk management, discovering too late that they have failed to protect assets that they were unaware existed. External threats like data exfiltration often result from failures to focus on some of the building blocks of internal cyber hygiene. So this quarter, we’re focusing on cyber security from the inside out, examining how to protect against vulnerabilities from poor asset management.
Looking at our latest data, there is some good news to report: the overall incident volume we’ve seen in 2022 is currently on track to be significantly lower than in 2021. But even though incidents are down, severity and associated costs remain challenging – as does the false sense of security many organizations may be feeling right now. Our recent Risk & Resilience research revealed that although cyber remains the leading technology risk for business leaders, there is also a worrying degree of complacency around cyber risk management. Companies are not as well prepared as they would like to believe themselves to be. We see this particularly when it comes to asset management.
Asset management is critical to a robust cybersecurity program. Gaps in inventory, for both on-premises assets and cloud resources, can leave you with exposed attack surfaces and slow down detection and response capabilities. The past two years of pandemic-driven remote work have led to decreased inter-departmental communication and, in many organizations, less oversight overall. So the likelihood that an organization has an incomplete asset inventory is greater than ever.
Good asset management is good governance and it needs to be built into broader cyber strategy and included in business decision-making. Organizations that fail to pay sufficient attention to asset management inherently expose themselves to cyber breaches that result in higher costs and more liability. In this quarter’s deep dive, we explore these challenges and offer best practices to help organizations proactively understand their environment so that they can protect it.Bala Larson
Head of Client Experience
San Francisco, CA
Quarterly data snapshot
What's happening in the world of cyber incidents? View data about the latest trends.
Asset management and cyber security: what you should know
- Prevention, detection, response, and recovery all begin with knowing your assets: you can’t protect what you don’t know about.
- There are many tools to help with asset discovery and management.
- From operational technology to the cloud, leave no asset unsecured.
- Don’t forget to install security patches and factor in end-of-life planning.
- An experienced risk management partner can help you stay one step ahead.
Asset management is an essential part of cyber security. This not just a technology issue, it’s also a people and processes issue.Tasha Fasce
Cyber Services Manager
New York, NY
The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Beazley has not examined and/ or had access to any particular circumstances, needs, contracts and/or operations of any party having access to this document. There may be specific issues under applicable law, or related to the particular circumstances of your contracts or operations, for which you may wish the assistance of counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.