Apr 18, 2014

Has cyber insurance become a necessary expense for businesses?

I got a flyer from my company’s insurance broker advertising "cyber insurance" today. I didn’t realize this was a product that existed. At first I just dismissed it as an unnecessary expense, but then I thought about the data breaches at Micheal’s and Target, not to mention the Heartbleed bug, and the potential expenses associated with those events. Is cyber insurance necessary for companies that do business online, or it is a waste of money?

If you want to mitigate losses from a breach, it is a great idea. However, we work with many insurance companies and we have been leveraging that a cyber security company like MainNerve come in and perform a Vulnerability Scan and Penetration Test to ensure the potential customer should be insured. Worse thing an insurance company can do is insure a company to later find out their virus software was from 2002 and they have tons of vulnerabilities in their network for a hacker to jump in and steal everything. Now the insurance company is on the hook to pay out millions of dollars in lost revenue or customer data.

Reese Ferguson
Cybersecurity Insurance

"Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. The Department of Commerce has described it as an “effective, market-driven way of increasing cybersecurity” because it may help reduce the number of successful cyber attacks by promoting the adoption of preventative measures; encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection; and limiting the level of losses that companies face following an attack. Many companies nevertheless forego available policies, citing their perceived high cost, a lack of awareness about what they cover, and uncertainty that they’ll suffer a cyber attack as the basis for their decisions."

According to a quote in a recent cnbc article, cyberinsurance is the fastest growing category of insurance. These policies can cover things like lost revenue, legal expenses and cost to repair a breach. As you mentioned, there have been a number of high profile examples of companies facing significant exposure due to data breaches, and if they didn’t have this type of insurance, you can bet they will soon. An unexpected upside is that businesses may improve their security practices because they don’t want to pay high premiums for this type of insurance. You might find the cnbc article interesting.  

Answer this