What is Your Business’ Cyber Security Posture?  

Cyber threats like malware and ransomware are becoming more prevalent, which is placing new pressures on businesses to take security seriously. These threats have also led to a growing concern among stakeholders, including insurance companies, suppliers, and clients, about the security of the businesses they choose to work with. Triware’s clients are increasingly reporting that they are required to disclose their security posture and practices while obtaining insurance, managing business relationships, and acquiring new clients. If your business has not yet been asked to report on its cyber security practices, it is highly likely that it will happen in the near future.


What are insurance companies asking? 

Our clients have been reaching out to us for advice on how to complete cyber security assessment forms when applying for or renewing their cyber security insurance policies. According to a recent International Association of Privacy Professionals webinar on the subject, almost all cyber insurance providers now require verification of some preventive controls. They state that companies that prioritize cyber security controls are more likely to receive favourable coverage terms and pricing and that the usage of security controls like multi-factor authentication usage on email accounts is often non-negotiable. In some cases, these forms can be quite extensive and cover various aspects of cyber security that can be challenging to answer for individuals without a solid understanding of the subject.


What are business partners and stakeholders asking? 

Aside from insurance companies, we have observed that business partners and customers of our clients are also requesting verification of preventive controls before engaging in business. Currently, these types of requirements vary depending on the industry in which you operate and the sophistication of clients who demand a high level of privacy. One aspect of best security practices, as outlined by Cybersecure Canada, is to inquire about how service providers handle and access your company’s information. While it can be challenging for small businesses to comply with these standards due to limited resources, larger businesses with the means and expectations to obtain this information face the same level of difficulty, as cyber security and privacy standards are essentially identical regardless of company size or capabilities.


What is best practice? 

Triware strongly recommends that its clients adhere to the guidelines and controls suggested by Cybersecure Canada, which is the national cyber security certification program for small and medium-sized organizations. Cybersecure Canada’s website, in collaboration with the Digital Governance Council, offers several templates and baseline controls that organizations must implement to align their business with best practices. Although certification is desirable, businesses seeking this level of compliance must take the implementation of security measures seriously and be prepared to instill a security-minded culture within their organization.

Businesses should, at the very least, implement security controls such as multi-factor authentication on their accounts, develop a continuity plan, offer regular cyber security training for employees, take appropriate steps to backup critical business information, and obtain a cyber insurance policy. If any of these concepts are unfamiliar to your business or if you are unsure whether they are currently being implemented, it may be time to consider having a cyber security assessment completed.


Triware is here to help! 

If you are uncertain about your organization’s cyber security posture, or if stakeholders are asking for self-reporting on your security posture, Triware is available to assist. We frequently aid clients in enhancing their cyber security posture by providing cyber security assessments that address both technical and non-technical aspects of cyber security controls that adhere to CyberSecure Canada’s recommendations. Your report will identify any gaps, easy wins, and suggested next steps to help safeguard your operations and client information. Additionally, we have assisted numerous clients in completing cyber security compliance forms, drafting policies, and implementing technology solutions to improve their overall cyber security posture. 


Contact your account manager or us today to learn more.