We live and work in an asymmetric threat environment. The risks to an organization’s confidential information are increasing, and the total dollar amount of losses now exceeds that of the illegal global drug trade. Because it’s hard to stop and difficult to prosecute, cybercrime is high return and low risk.

Cybercriminals are constantly on the prowl for vulnerabilities to exploit. Upon discovering openings, a malicious hacker is likely to take advantage of the weakness and intrude upon an organization’s confidential information, which they can use to open charge accounts, make illicit purchases and gain access to private bank records—or worse. The victimized organization can face liability lawsuits, loss of business, damaged reputations and, in many cases, government fines.

Insurance professionals can provide a value-added service to their commercial clients by helping them create and implement a solid information assurance plan while recommending an appropriate risk transfer instrument—giving clients a comprehensive shield against cybercrime in the process. They’ll likely find your professional advice and counsel invaluable, giving you an opportunity to build stronger customer relations while controlling loss.

It’s a win-win. Here’s what it takes to develop an effective information assurance plan.

Identify. The first step is to identify each of the organization’s information assets and classify each according to its importance. An emerging security plan should contain written objectives and requires formal adoption, as well as implementation of security best practices.

Analyze. Risk analysis should be the foundation of an information assurance plan. A risk analysis involves studying an organization’s vulnerabilities and the potential threats to a company’s information system that arise from those vulnerabilities.

An information assurance plan must make protecting personally identifiable, mission-critical data a business process, no different than  personnel, accounting or manufacturing.

Implement. Organizations must put policies and procedures into place which outline the responsibilities of each individual in the organization. Such a plan should aim to maintain business continuity in the event of a cyberattack. A security blueprint should include intrusion detection, physical security and security awareness training for all employees.

Strong components of the security plan also include auditing system results, backup and disaster recovery, as well as information system design. Each element of an information assurance plan should focus on maintaining the confidentiality, integrity and availability of an organization’s information.

Insure. A significant number of potential customers are unaware that cyber liability coverage exists. Professional agents, in turn, have an excellent opportunity to build client relationships and help familiarize their customers with critical information assurance components that strengthen business continuity.

Doing this helps protect the insured and control potential losses for underwriters. That’s a dynamic and powerful combination.

Dr. William Perry is the founder of Paladin Information Assurance and a leading expert in the field of securing information assets.