Cyber Insurance – Silver Bullet?

Publish date:

If you could just insure yourself against cyber attacks, would you be less demanding about implementing security measures?

Cyber insurance is a thing. You can insure your business against cyber attacks. Your premium will depend upon the size of your business, the security measures in place, and your degree of exposure.

That’s tempting. If I could just insure myself against cyber attacks, can I be less demanding about implementing security measures?

This is a perfectly valid approach of course. Risk transfer, which includes insurance, is a completely valid way of dealing with a cyber security risk. The other alternatives are risk avoidance (which would include applying preventative measures) and risk acceptance (which involves dealing with risk events as they happen).

Let’s look at the insurance option in more detail. Insurance involves your paying a premium to an insurance company, which will, if an incident occurs, indemnify you for your loss. Great! But here’s the small print:

  • All insurance contracts require you to act as if uninsured. If you expose yourself to more risk because you’re insured, the insurer may refuse to pay after an incident.
  • The insurance will only indemnify you for the cover you have purchased. Many of the costs of an incident may not be covered—for instance, reputational damage, senior management time, regulatory fines, and court costs.
  • If you cut down on cyber security spending you will have to inform your insurer of this, and this may increase your insurance premium.

On the other hand, you can always balance the cost of insurance against the cost of a cyber security measure.  If the cost of the measure is more than the increase in premium, is it worth doing?

To summarize, cyber insurance has its place in an organization’s armory, but I suggest it is most effective as a backstop for exceptional incidents rather than a substitute for everyday good cyber security.

Related Posts

Cybersecurity

Capgemini presents Next Generation Security Operation Center

Christer Jansson
June 14, 2018
Next generation security operation centers (SOCs) resolve the need for cybersecurity skills and help organizations counter threats
Cybersecurity

Selling security and privacy: Why cybersecurity is the new competitive advantage for retailers

Subrahmanyam KVJ
May 28, 2018
Consumers now see cybersecurity and data privacy as one of the three main reasons to select a retailer, beating even price. In India, it even comes out on top as the number-one reason to do business with a particular retailer.
Cybersecurity

Are you prepared for the GDPR?

Peter Hansen
May 17, 2018
The general issue lies with anyone with justified and managed access to process data, for its purpose, since that’s the business need and actual reason for the data existing in the first place.
cookies.

By continuing to navigate on this website, you accept the use of cookies.

For more information and to change the setting of cookies on your computer, please read our Privacy Policy.

Close

Close cookie information