News + Resources
Industry news, Astaara press releases & maritime cyber risk resources
Some of our Dutch friends have a reference book for helping comprehend the use of English –
“I Always get my Sin (way)” by Maarten H. Rijkens- key tenets of this go to the heart of communication and understanding the consequences of what is said, and most importantly how it is understood. A snapshot as follows:
| What the British say | What the British Mean | What the Non-British understand |
| “Quite good” | A bit disappointing | Quite good |
| “I hear what you say” | I disagree and do not want to discuss | He is listening to me |
| “You must come for dinner” | It is not an invitation I am being polite | I will get an invitation soon |
“Very interesting” | This is clearly nonsense | They are really impressed |
Although this is clearly making light amusement out of the cultural nuances that ultimately bring us together in their enjoyment of them, herein lies a serious point when it comes to the communication piece of a cyber incident response.
The continuing rise and frequency of cyber incidents, which are costing the global insurance market more than $1bn in losses (2020), are caused through a blend of corporate failings and external actor. The significant majority of claims centre around ransomware or malware which unpick the weak or under-prepared victim’s network defences, which then stretches untested or unprepared business continuity plans or employees. This often results in media statements being deployed, using language which undermines the aim of good incident response – which is meant to allay fear, uncertainty and doubt. Some examples taken from a blend of corporate responses over the last 12 months on this theme are…
| What a company says | What the company might mean | What the cyber expert hears |
“Upon learning of the incident” | Luckily, IT found the breach and told me | No network monitoring |
| “A sophisticated attack” | We had not patched a known vulnerability | You had not patched a known vulnerability |
| “An immediate engagement of 3rd party experts” | Immediate engagement of 3rd party experts | No useable business continuity plan deployed to use your strongest assets – your team |
“The Incident is ongoing” | We have not been able to control this | There is no network segregation |
“Your data is important to us” | Your data is important to us | Data exfiltrated |
“We disconnected systems from the network” | We pulled the cable out of the wall socket | You turned the computer off, but your servers are still connected to the internet and the incident is ongoing |
So often companies allow their reputation to be undermined through poor communication planning and poor incident response. Whilst the above is a tongue in cheek commentary, it does demonstrate how some people perceive a cyber incident response.
Cyber Risk Management is an enterprise activity lead from the top and involves every single element of the company. Consider how you might improve your response planning.
Speak to the global cyber experts today – Astaara Risk Management.
Astaara Underwriting UK Limited is an appointed representative of Davies MGA Services Limited, a company authorised and regulated by the Financial Conduct Authority under firm reference number 597301 to carry on insurance distribution activities. Astaara Underwriting UK Limited is registered in England and Wales company number 12570450. Registered office at 5th Floor 20 Gracechurch Street, London, United Kingdom, EC3V 0BG.
