Is Cyber Liability Insurance Becoming Vital?
In recent years, cyber security has been a hot topic, with more and more businesses feeling the need to insure their electronic assets in case of a hacker attack. A new study has been released, called ‘Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age’. The cyber security study was conducted by the independent firm Ponemon Institute, and received sponsorship from the Experian Data Breach Resolution. The study revealed that more and more businesses are viewing the risk of a cyber-security breach to be more important than that of natural disasters and other major risks. The survey stated that the cost of cyber security exploits and data breaches is clocking in at a hefty £6,061,383. This figure is based on the input from senior privacy and compliance professionals as well as the financial service industries. The £6,061,383 cost includes legal & consultant fees as well as indirect business costs. These costs include productivity losses, loss of revenue, customer turnover and any negative reputation management that has to be issued. It doesn't include Intellectual Property (IP) losses, which can ramp up the costs significantly.
Over half of the survey’s respondents (56% to be exact) reported to have suffered a cyber-attack that breached their network or enterprise systems, or lost more than 1,000 records in a single breach. There have been some very high profile security breaches in the news recently. An example of this is when Sony suffered a data breach, with millions of their Playstation Network customers having their personal information exposed to cyber criminals. These breaches are very dangerous; the hackers often sell personal details on black market forums all over the world which can result in identity fraud and other unpleasant consequences for the innocent victims. The risk of cyber-crime is too great for businesses to ignore, with 31% of the surveyed companies owning cyber liability insurance policies, with another 39% exploring the option of having a policy in the future. It is imperative for businesses to have some cover in place to mitigate the financial cost of these potential breaches.
Andrew Rose, principal analyst of security & risk at Forrester Research, said: “Obtaining cyber liability insurance has changed quite a bit over the past 2 years. Companies fill out questionnaires to assess their internal risk, and then insurers base their premiums on that. But this is relatively uncharted territory for insurers – quantifying your risk of getting hacked is challenging.” A business’s data can be encrypted to increase security. If your data is encrypted, is ISO 27001-certified and regular audits are conducted, your insurance premium should reflect this. On the other hand, if you fail to encrypt your data and allow free access to your network, you can probably still get a cyber-insurance policy but your premium will be through the roof. As with all insurance policies, the consumer wants to know exactly what is going to be covered. Rose commented: “Responding to requirements to give all of your customers credit rating checks so they can ensure their identity hasn't been stolen, as well as repairing your reputation, dealing with the technical issues that occurred and patching your network - these should be included in your insurance and aren't terribly difficult to quantify. But there are other aspects that are the real killers, such as loss of intellectual property worth millions, and I'm not sure insurers cover that yet.”
James Savery, 27 August 2013