Best Practices for Becoming a Cyber Security Expert

To compile the Hiscox Cyber Readiness Report, we surveyed executives and IT professionals in 4,100 companies in the US, UK, Germany and the Netherlands, probing their attitudes on data security and assessing how prepared their firms were to withstand and quickly recover from a cyber-attack. This research led to a ranking of company preparedness levels and a list of definitive best practices for maintaining corporate cyber security.







The primary challenge of staying cyber-ready is maintaining insight into ever-evolving threats. Hackers are constantly coming up with new ways to access your data. The degree to which companies were prepared for these shifting attack strategies determined whether they were ranked a cyber readiness expert, intermediate or novice.

“Those companies that are most successful at avoiding the costs associated with a cyber-attack are the ones that spend the resources to prevent attacks before they happen, detect those that cannot be prevented, and mitigate the impact on the company,” said Dan Burke, Vice President and Cyber Product Head at Hiscox.

Companies that earned the Cyber Security Expert designation had several things in common:

  • Budget dedicated specifically to preventing and managing attacks
  • Awareness of potential threats across all levels of management, with a named position responsible for cyber security
  • Willingness to compile learnings from each incident and modify security plans based on them
  • Foresight to carry cyber insurance



For most organizations, prevention starts with building a ‘human firewall’ – training employees to recognize and respond to hacking attempts.

  • All but a tiny proportion of cyber experts incorporate security training and awareness throughout the workforce
  • Nine out of ten experts review the cyber security competence of their employees on a regular basis, using established metrics, and cyber security competence forms part of every regular performance evaluation
  • More than four-fifths of cyber experts say ‘increased employee training has reduced the number of incidents that disrupt our business.’



Cyber security experts score high for deployment of security technologies, like antivirus software and intrusion detection systems. They also:

  • Take a rigorous approach to authentication and actively monitor email encryption policies
  • Have systems in place to monitor and track violations of their spam blocking services, all of which lets them detect an intrusion early, minimizing the damage
  • Are more likely to make changes to their processes as a result of an incident by increasing their spend and improving their technology



A key part of any cyber security strategy is mitigating the effects of an adverse event. Early detection is key, and so is cyber insurance. Among those already covered or planning to take out cyber security coverage, the top two reasons for doing so are:

  • The desire for the peace of mind that comes from knowing you’re protected against the cost of a potential breach.
  • The fact that cyber insurance policies offer ‘additional expertise that I do not have.’

More than a third of experts cite the ‘attraction of additional expertise’ as a reason for taking out insurance coverage.

