Cybersecurity Insurance: Smart Investment?

February 28, 2017

A study conducted for Hiscox shows that, out of 3,000 companies in the U.S., UK and Germany, slightly more than half (53 percent) of these organizations are not prepared to effectively handle a cyber-attack. It is concluded in the study that U.S.-based companies not only outrank the others regarding key aspects like planning, strategy, resourcing and process, but they are also the most heavily targeted for cyberattacks.

The Hiscox Cyber Readiness Report 2017 depicts that U.S. companies are the most likely to have experienced an attack as 72 percent of larger businesses have reported at least one cyber incident from this past year. It is shown in the report that larger U.S. companies deal with cyber-attacks that, on average, cost up to $102,000, significantly lower than figures that make the headlines. Still, the average cost is expensive. Cyberattack incidents are on the rise, therefore it comes as no surprise that investing in cybersecurity is steadily becoming more significant to these enterprises.

Following numerous recent data breaches, a great deal about cyber liability insurance has been published. Due to many companies being unsure of how to approach the topic of cybersecurity, several questions pertaining to cyber insurance are still present in the corporate world. Companies with existing insurance could possibly be unsure of whether or not investing specifically in cyber insurance is a necessity.

“If companies are looking for real risk transfer, they’re going to want to buy a dedicated policy for multiple reasons. Other policies are either specifically excluding cyber-type triggers or events, or it is seen that the type of coverage is limited or nonexistent,” says Laurie Schwarz, Senior Vice President of Lockton Insurance Brokers, LLC, a member of San Diego’s Cyber Center of Excellence (CCOE).

In order to cover all aspects of data exposure and possible breaches, companies should have a strong understanding of how their respective cyber insurance mitigates cyber risk. The report notes the possibility of confusion with regard to what cyber insurance covers exactly due to the complicated nature of insurance policies.

“There is a great expression: if you’ve read one cyber policy, then you’ve read one cyber policy… Cyber policies can cover multiple things, and it depends on the organization, the need and the carrier in terms of what it can provide,” Schwarz explains.

Given the numerous aspects of insurance coverage, it is a common assumption that buying insurance is a difficult process. According to the Hiscox Report, firms must have a comprehensive cybersecurity plan in order to forgo the difficulty in determining where spending should go. The organization in itself determines if the process can be deemed straightforward or challenging.

“It’s a matter of going through the process and seeing what companies options, coverages and costs are…Once upon a time, there may have been a perception that buying coverage was challenging, but I would say, with advice and a good broker, it’s their job to lead you through the experience in that you know what the process is going to be without any major surprises along the way,” says Schwarz.

According to the report, a common practice among companies is to transfer the cyber risk to an insurer. Thus insurers are expected to provide trustworthy policies and clarity to an otherwise complicated subject along with ensuring that every aspect of exposure is covered. These seemingly heavy responsibilities are welcomed among most insurers. “You’re being able to bring some certainty and quantification to an otherwise unknown or uncertain situation,” says Schwarz.

The benefits to be gained from cyber insurance depend directly on companies understanding their vast information that is exposed to employees and the public. Regarding the provision of insurance, the result will be better if companies have a strong comprehension of their exposures. U.S. companies and the cyber insurance industry altogether must improve communication as both have the similar goal of further managing and understanding cyber risk.

Sarah Sameei is a freelance writer based in Texas. She has a BA in English and is currently pursuing a second degree in Engineering.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Right now, in the pandemic environment, business leaders are balancing internal priorities – managing cost and impacts to productivity – with market and external priorities like government requirements, customer needs, and perceived standards of safety and health.

Security Magazine

2020 August

This month in Security magazine, we examine how physical security leaders are being propelled into a unique position of revenue preservers and risk managers for their businesses. In addition, we profile Scott Ashworth, Director of Security for Atlanta United. Also, security leaders discuss how to develop cybersecurity careers, election security, data protection strategies, measuring and reporting security operations maturity and more!

View More Create Account

Cybersecurity Insurance: Smart Investment?

Recent Articles by Sarah Sameei

Product Spotlight: Ultra HD Video Solutions

Some Security Systems Fooled by Aging Faces

Alabama Leads with Most Engaged Employees

Americans Overly Confident in Cybersecurity Knowledge

CEOs Confident in Growth and Economy

Security Magazine

2020 August

Cybersecurity Insurance: Smart Investment?

Recent Articles by Sarah Sameei

Related Articles

Report Abusive Comment