In this climate of a global hacker siege from Anonymous, LulzSec, and others, few digital enterprises can see reason for cheer. One exception is the insurance industry, which is eager to oblige with data protection and privacy policies, as well as an expanding range of cyber-risk insurance policies to cover losses from viruses, denial of service, and hacking.
The cost of a data breach was put at $214 per compromised record and $7.2 million per data breach event back in March 2011, according to the Ponemon Institute, a data protection research group. It’s a sobering thought for most organizations. So it’s not surprising that the recent spate of high-profile breaches has sent many an organization into frenzied panic buying, snatching up cyber-insurance policies that cover as much as $200 million — and that’s not even for the biggest companies.
Cyber-risk insurance is turning out to be this year’s industry growth story. In a report last year, Betterley Risk Consultants counted 19 available sources for cyber-insurance. A year on, this figure seems dated, along with the estimated US Gross Written Premiums (GWP) of $600 million.
Even a subsequent Betterley estimate of a 25 percent increase in demand for policies this year could be on the light side. Though if the UK is anything to go by, takeup is still pretty low, despite the obvious market growth. One survey found that only 27 percent of companies had any sort of cyber-risk insurance. So there is plenty of scope for market growth!
Yes, it seems the insurance industry is going cyber in a big way. You only have to look at the range of topics discussed and the quality of players involved at a recent high-level insurance symposium to know that the industry is now cyber-centric.
But cyber-insurance may yet be in choppy waters. Bearing in mind the types of exclusions in this specialty market, it seems that many organizations may be blissfully unaware, until the worst happens, that their general insurance policies will not cover them for most types of data breaches.
And court cases can still go either way or contradict earlier rulings, as one bank recently found out. A judge in Michigan ruled that Comerica Bank was at fault for not detecting earlier the losses its customer sustained through a phishing attack.
Finding in favor of the plaintiff is an increasing trend, it seems. That’s good for the consumer, but it adds to the cost of cyber-risk insurance premiums.
If you need helpful advice on how much a data breach could cost your enterprise, try out Symantec’s databreachcalculator.com.sapin.arvixe.com Data Breach Risk Calculator.
In many ways, cyber-insurance is still exploring unchartered waters, with few standards or guidelines to follow. The insurance industry, though, is well practised at minimizing exposure to loss. And as with any insurance, the small print warrants careful consideration. This can be where exclusions are tucked away.
For example, most data breach policies will exclude paying out for unencrypted laptops and discard any claim if software is not kept up to date or if passwords are not changed on a regular basis
Indeed, when it comes to cyber-insurance, insurance companies do not like to pay out, and if they have to pay out, they look to regain those losses. This will mean that a growing number of insurance investigators will begin to add their efforts in exposing the hackers and cyber-criminals in order to protect their businesses and clients.
Anonymous and LulzSec may not be concerned about regular law enforcement, but they should fear the professional cyber-bounty hunters, hired by the insurance companies.
—
This post was originally published on Jart Armin’s blog
Photo Credits: Flickr CC Thomas Hawk
💬 Discussion
No comments yet. Be the first to comment!