Skip to main content

Risk Management

Finding insurance solutions to the challenges that new technology has presented can start with the simple ISO 31000 Risk Management Framework that considers: 


  • Risk Minimisation
  • Risk Retention 
  • Risk Transference.


Essentially, it is just reducing risks in whatever we do; keep some and pass the rest to others (at a price). While technology should be used to effectively reduce and efficiently transfer these risks, the art is in the design.


Control & Transfer

Minimise

Cybersecurity Risks

Reducing risks is part of safety and many companies will take the necessary actions to protect their business and staff. Cybersecurity risks are getting more rampant and sophisticated beyond the resources afforded by organizations

Transfer

To Cybersecurity Association

A non-profit association has been set up in Singapore to assist companies with limited resources to aggregate demand transfer their cyber risks. 

Retain

in a Contingency Fund

Deductibles and co-insurance are standard mechanisms in insurance for you to retain high frequency, low severity losses. Set them at a level where you could afford to effectively lower your insurance costs.    

Cyber Protection

Companies with limited resources can improve their cyber protection with:

  1. Strong passwords and two‑factor authentication 
  2. Software updates on phones, computers, servers, wifi etc.
  3. Install basic antivirus, firewall, threat monitoring software.
  4. Limit access to sensitive data.
  5. Back up data, and store backup offline or in secure cloud storage
  6. Staff training to prevent phishing and social engineering.
  7. Use secure Wi‑Fi and lock devices when not in use.

CASL -- CAstle plan

The Cybersecurity Association Singapore Limited (CASL) has a Castle plan that is very cost effective in providing companies with a complete suite of cyber protection services and insurance. It includes cyber rating report, audit assistance, technical, legal advisory, incidence response, investigation, reports and recovery: www.cybersecurity.org.sg


Rainy Days 

Beyond deductibles, there are not many commercially available options to retain risks. In terms of customizing covers for your risk profile, it will be difficult, especially for cyber insurance. Setting aside a cybersecurity fund will be useful to cover some losses that you have retained as well as for any gaps in insurance cover. The Europeans have started a cyber mutual fund but that option is not available in Singapore. For smaller companies, it would be good if the CASL has a contingency fund to support her members.

      

Optimise To Maximize