Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Considerations for taking out cyber insurance

Bloxx : 20 May, 2015  (Special Report)
Charles Sweeney, CEO of Bloxx, examines the case for commercial cyber liability insurance and what steps companies can take to reduce risk and premiums
Considerations for taking out cyber insurance

With cyber threats repeatedly cited as the most serious threat to businesses and national economies, it has never been more critical to enact effective safeguards that prevent others’ nightmares from becoming your reality.

Companies have recognised this but are encountering difficult decisions along the way that hinder progress. With one of the greatest questions recently being, “What should be done about cyber-liability insurance?”

It sounds appealing to have a guarantee against the spiralling costs of a cyber attack: lost business, lost assets (including intellectual property), fines and remediation, to name but a few.

It would also appear that a growing number of companies concur - with Lloyd’s of London announcing a 50 per cent rise in demand for such policies since last year. Likewise, cyber insurers in the US saw spending double to $2 billion.

Whilst demand may be high, the UK Cyber Security report published in March reveals a different perspective, stating that only 2 per cent of UK businesses have taken out cyber insurance policies. Whilst other numbers, such as those released by The Corporate Executive Programme (CEP), indicate 20 per cent of companies have secured adequate coverage. Regardless of where the true number lies or what factors have been considered, one thing is certain: Threats remain high and cyber insurance adoption is low.

Such findings are equally perplexing and disconcerting and attest to many companies being sceptical of cyber insurance’s worth. According to KPMG’s recent survey on the topic, the number one reason companies are not buying is they doubt insurers will pay out on crisis claims. Even of those who have purchased cyber insurance, 48 per cent express fear their costs will not be covered.

This distrust is fuelled by the much-publicised cyber attacks on American retailers like Target and Home Depot. Target’s cyber policy was insufficient in covering all the company’s costs, leaving the store with a $162 million loss. Meanwhile, estimates point to Home Depot having near $105 million of cyber insurance, but only $15 million of their $43 million claim was paid.

Ambiguity remains the enemy as companies assess the best steps to take in protecting their interests. But several signposts can point the way forward and ensure a business is positioned optimally in cyberspace. Below are a few such tips to get your company moving:

Know where you are today. Companies need to first identify vulnerabilities, risk management practices and any coverage of cyber attacks that general insurance might provide. Vulnerabilities can differ significantly. PayPal obviously knows where it needs protection, but it is easy for companies like Sony Pictures to have a false sense of security. Are employee practices adding to these vulnerabilities? Thinking about worst case scenarios is not pleasant, but it can be necessary.

Also, take a close look at existing insurance policies to see if there is any coverage for the vulnerabilities that remain. Even a small amount of insurance could be important when making decisions ahead.

Chart the course forwards. With these risks in mind, consider what improvements can be made to business structure and employee practices. The 2014 Information Security Breaches Survey states 58 per cent of large businesses suffered breaches caused by staff. Educating employees and establishing better practices mitigates internal deficiencies posing needless risk.

In turn, these actions could potentially lower cyber insurance premiums, which are appropriate to consider at this point. Along with varying amounts of coverage, companies wanting cyber insurance should choose whether to pursue a blanket policy that covers all threats or a more specific asset-based policy. MWR InfoSecurity director Alex Fidgen suggests the latter could be best, as it allows companies to focus spending on safeguarding their biggest concerns. It might also grant insurers less leeway in denying claims, due to more precise terms and conditions of coverage.

Manage expectations.  Cyber insurance brings a lot to the table, but companies must realise it is no panacea, more an airbag that cushions a business when misfortune strikes. Structure and employee competence are still highly crucial. There is no compensation for a damaged reputation or loss of industry trust. But if a company is diligent in its efforts to enact safeguards and take care of customers, then insurance can make all the difference in overcoming a crisis. When things go wrong, it is invaluable for someone to have your back.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo