Manage your Vulnerability

One of the most powerful ways to reduce successful hacking and information breaches is to reduce your vulnerability. Like the management of breaches, you can reduce your vulnerability to these business interruptions and reputational harm by deploying the right controls in the right places and ensure that they are fully integrated into your operations. You are not helpless.

First, you identify – preferably measure – your current vulnerability. This creates a baseline.

  • You then identify which additional controls will give you the best cost/benefit.
  • You want to deploy these with the full support of the C-Suite and Board. You need to have their support on (1) the costs involved, (2) to ensure that your IT Security plan is truly deployed and respected at the operating level, and (3) you need their support to do all this ASAP. When some of the biggest and ugliest breaches are deconstructed, at the heart of the problem was often a great solution that was locked up in a committee or other organizational/political blockage.

You can…and should…do all of this holistically. Once you have gone through the cycle above, you should take a break….and then do it all over again. This cycle will take 12 to 18 months, and during that period:

  • New threats will have been invented; existing threats will have gotten more diabolical.
  • Your own business might have grown or morphed in some way.
  • You have more data about your IT Security world because you’ve been keeping track of everything all this time.
  • The power of a kaisen approach – constant improvement – has been proven many times in many industries and it will work for you too.

There are tangible benefits for keeping your insurance carriers up to speed on your progress in systematically reducing your vulnerability. If you are working with a modern carrier who underwrites their coverage based on their own analysis of your vulnerability, then sharing your progress will result in a reduction in your premium. Perhaps on the spot.

If you don’t believe there are any such enlightened insurance companies, just send us an email (Contact button) and we’ll tell you the names of carriers who will do this as well as a list of insurance brokers who can help you reach out to them.


Allow our team to work with you and your staff to help you to implement a continuous stream of insights and preparations to significantly reduce your chances of an event.