Their objective is to develop a framework of recommended information security practices and policies for organizations that they insure. The big question is: what will cyber insurers come to expect? Most insurance policies have stipulations. For example, some building insurance policies require you to have a minimum standard of lock on all doors and ground-floor windows, in addition to working fire alarms. It stands to reason that insurers will stipulate that organizations adhere to a similar minimum standard of protection with regard to their information security.
Measures for physically securing networks and information will almost certainly be included. However, I'm particularly interested in what the Cyber Insurance Working Group arrives at with regard to data security policy. In other words, what will they see as the minimum standard for security handling procedures? By definition, that could also include a benchmark by which organizations can prove that employees have been adequately trained in these procedures, and understand the key cyber risks and how to avoid them. We may even see insurers offer insurance premium reductions for those organizations that strive for higher levels of data security.
For most organizations, employees are still seen as the weakest link in the security chain. And although there will always be the risk of being caught out by a highly sophisticated attack, there is a desperate need for organizations to protect themselves against the more 'mundane' employee mistakes - many of which are exactly the kind that draw ICO fines. The work emails sent from personal email accounts. The misplaced back-up media. The sensitive data transported out of the office without being encrypted.
In today's business world, every company has a human resource department of some type. A small business owner will generally serve as the HR rep for their own business, while corporations and larger businesses will actually have a dedicated HR department.