
Cyber Liability Insurance: Moving from Insurance to Assurance

By Robert E. Stewart, Sr.
April 1, 2016

Enterprises need to identify holes and implement proper plugs prior to investing in cyber liability insurance.

It’s no shock to anyone following the news over the past several years that there has been an explosion of interest in cyber liability insurance, particularly in the United States. A recent study by Insureon found that nearly 90 percent of policies are being purchased by American businesses. These policies are designed to financially assist businesses with the consequences of a breach, handling tasks like notifying impacted parties, offering credit monitoring services, negotiating with cyber extortionists and fixing a business’s security infrastructure following an attack.

A 2014 IBM-sponsored study that surveyed 314 companies found that the average cost for a data breach is $5.85 million, and it identified the U.S. as the most expensive nation in which to have a breach occur. With a price tag of that size looming over small and enterprise businesses alike, it is no wonder that cyber liability insurance has piqued interest. As these breaches grow more common, and more costly, the need for some form of protection from the fallout will only become more of a national imperative.

The fact of the matter is, however, that only 25 percent of those U.S. companies that generate $1 billion or more in revenue have some form of cyber liability insurance, and as few as three percent of small businesses have a policy. Yet these small businesses are at the greatest risk of a breach, because many do not have the funds for – or knowledge of – the best preventative security infrastructure, making them easy targets.

Mitigating Risks

When evaluating the traditional measures most businesses have in place to protect themselves, one would find the usual suspects – firewalls, password authentication and anti-virus protection. However, a look at the most recent major hacks (OPM, Target, JP Morgan Chase and the like) makes it apparent that the perpetrators utilized methods that either outsmarted these basic security measures or circumvented them entirely. The reason is that no one attacks the tip of the spear; hackers are going to find where you are the weakest and strike hard. Many of the aforementioned businesses were properly insured, but that point is moot if the company didn’t have the proper preventative measures in place.

Simply put, it does no good to insure a boat with holes in it. The boat will sink, and it is unlikely that any competent insurer is going to pay out on a policy when the owner was negligent. For this reason, businesses need to identify these holes and implement proper plugs prior to investing in cyber liability insurance.

To truly undermine a business’s security prowess, an intelligent hacker is going to look at all the elements of the business as a whole. That means the physical infrastructure (server farms, office buildings, power supply), the human elements (employees, staff, outside consultants and service providers), as well as other areas of the company that may not be as well protected. For example, what is to stop a hacker or malicious entity from waiting outside a business of interest until the employee with bald tires leaves for the day? This employee could potentially be persuaded to assist this malicious outsider in exchange for compensation.

Another example comes to us courtesy of Target. While the retailer was using a standard and relatively secure method of protecting customer data at the point of sale, they left themselves completely open by failing to segment their systems and allowing an outside individual to have access to secured networks. No degree of firewall protection can defend against a physical ingress in the real world.

These examples make it clear that security needs to be handled as if protecting a castle, with concentric rings of defense. The solution is a marriage of onsite physical security (guards, cameras, controlled access to buildings and other infrastructure) with up-to-date firewalls, password protection and the like. This is the only means of truly being able to say a business has complete control of who accesses its networks and systems, and from where. Authorization is the key, no pun intended.

A Positive Outlook for the Future

In order for insurance to truly become a valuable asset to a business’s data security strategy, there needs to be a more comprehensive review of a company’s overall security posture prior to the safety net of insurance being put in place. Too few insurers at the moment are actively getting involved in bringing policyholders up to speed (and keeping them updated) with the latest preventative security practices.

This trend (a lack of sufficient security auditing) has led to interesting instances in which businesses take out a cyber liability insurance policy, a breach occurs because substandard security measures are in place, and then the insurance company denies coverage due to negligence. If that weren’t a big enough bombshell, in the case of Target, banks and credit unions were also able to file lawsuits against the retailer for administrative costs, lost interest, transaction fees and lost customers.

Hope is not a strategy; today’s enterprise is greater than any one approach. With hybrid cloud offerings that span networks, enterprise security executives must insist upon standards-based approaches to building and maintaining cyber, physical and human defense-in-depth strategies. More so than ever before, it is becoming imperative that enterprises insist on good cyber-hygiene for employees at work, on the move and at home.

As with most problems, the solution is a combination of efforts and not a single silver bullet. It will take the combined work of insurers funding research and businesses utilizing background checks, controlled access (both cyber and physical), monitoring techniques and more. These tactics, combined with the traditional security measures put in place in the enterprise, are the only way to prevent the breaches of the future.


Robert E. Stewart, Sr. is Chief Operating Officer & Board Member for Sonavation. He is the former Chief Technologist of the Global Security Solutions Group at EMC. He specializes in the design of fault-tolerant hardware and software solutions addressing the most challenging data-intensive problems. He has worked on product development for Adobe, AgentVI, Boeing, BT, CBS, Kodak, Motorola, MyWay, NFL, Disney, Facebook, and others.
