The glitter of the big world

Risk management – Cyber risks

Ensuring data security is of primary importance when securing your company's business continuity.

Understanding risks associated with your company's business on a holistic basis is vital in order for us to be able to offer solutions and services in all risk areas: strategic risks, operational risks, risks of loss/damage and financial risks.

Cyber risks constitute a growing risk in the field of risk management. Data security threats are mounting and becoming more complex all the time, and hackers are becoming more adroit. A huge dependence on various IT systems and the previous digitisation of physical processes mean that cyber risks concern all of us in one way or another.

Take care of your company's reputation

Ensuring data security is of primary importance when securing your company's business continuity. In addition to financial losses, a loss of reputation, or at least a dent in reputation, may do even greater damage to your company. You should therefore make sure that your data security is up to date and up to standard.

A human factor is also always involved in cyber risks. A large number of cyber risk loss events result from, or are enabled by, people's acts or omissions. Creating a good data security culture necessitates a lot of training at all organisational levels, top management commitment and the involvement of all employees.

Update your company's contingency plan

Quick response and countermeasures mitigate losses in the case of cyber security incidents. A business continuity plan forms a fundamental basis for preparing for a cyber-attack. On the basis of a well-designed plan, a company knows immediately what to do, in what direction to head and where to find a solution. The plan provides instructions on fending off cyber-attacks and, when a cyber-attack happens, instructions, say, on crisis communications and on how to act towards customers. You can enhance your preparation for cyber risks by taking out OP's cyber-insurance. We want to offer your company the best possible tools to resolve the crisis situation and survive it.

Please contact our experts and we will together find the solutions that best suit your company's needs!

  • Check that the technical basis of your company's data security is in order: anti-virus protection, firewalls, encryption, restrictions for removable media use etc.
  • Ensure the data security of products and services
  • Classify all information and ensure the protection of confidential information
  • Create a culture of "clean desk" throughout your organisation
  • Provide your employees with regular training in data security, inform them of threats and test their skills
  • Retrain, retest, reward for good data security practices, motivate employees to promote a good data security culture
  • Stay informed about data security regulation in all of the countries in which you operate
  • Draw up a business continuity plan for your company against data breach and cyber-attacks
  • Discuss data security risks relevant to your business with your suppliers, service providers and outsourcing partners and protect against them by means of agreements as extensively as possible
  • Create a social media strategy for your company and prepare for crisis communications in social media too
  • Ask an external party to make access attempts and test the vulnerability of your company's network
  • Keep top management and the board of directors informed of cyber risks and their management.

The EU regulation aimed at strengthening the rights of registered individuals and imposing new obligations on controllers has been adopted by the European Parliament. The regulation will be applied in 2018.

The revised regulation addresses the controllers' proactive approach to the protection of personal data on a daily basis. A high standard of data protection must be an integral part of daily activities in organisations. Controllers appoint a Data Protection Officer who ensures that the controller acts in accordance with the rules governing the handling of personal data. The controller will report to the supervisory authority and the registered person, whenever necessary, within a specific time if a data security/protection violation has occurred.

Moreover, the supervisory authority will become entitled to impose a fine on the controller in violation of data protection rules. The fine may account for several per cent of the company's net sales.