Assessing Cyber’s Risks

April 7, 2015

Insurance companies are hawking the factoid that “nearly half of US companies have experienced a cyber attack.” Of course, they are also selling you insurance against the cyber attacks.

But cyber attack insurance is a bit like K&R (kidnap and ransom) insurance: by the time you need it, it’s too late. Your competitive advantage is gone, and you are likely facing a slew of lawsuits from customers and employees.

The problem has gotten so dire and so pervasive that on March 31st, President Barack Obama declared cyber attacks a “national emergency” and signed an executive order expanding his administration’s ability to respond to malicious cyber attacks by allowing financial penalties to be inflicted on foreign actors who engage in them.

But the greatest threat is privateers, who can even be in-house personnel.

While rapidly changing technology makes it impossible to eliminate all threats, every company needs to protect its data by implementing a risk mitigation strategy. The first step is a thorough vulnerability assessment by a qualified subject matter expert (SME).

Do you have a clear picture of how your company’s vulnerabilities can be manipulated?

 

 

 


Tags: cyber, risk mitigation, vulnerability assessment
1 Comment

  • Lawrence Husick
    April 8, 2015 at 2:01 AM

    Every organization over a certain size (I personally recommend that threshold be around $5 million annual revenue) should have a Chief Security Officer or Chief Information Security Officer (CSO/CISO) who reports to the CEO directly (and NOT to the CIO or CFO). Cyber as well as physical security needs to be a C-suite priority in modern organizations, because much of their value resides in their intellectual capital, and it is this value that is a prime target of cybercriminals and cyberspies. No amount of after-the-fact recovery will bring back that value once it has been exfiltrated, so in this case, a pound of prevention is preferable to any cure. Boards must take steps to get management to focus proactively on this area, as it is not glamorous, and expenditures are painful.
