Cyber Security Insurance Only Goes So Far

Kachina Shaw

In a recent study, The Ponemon Institute looked at an emerging strategy for mitigating cyber security risks: insurance policies. Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age (available for download with registration) found that 31 percent of its sample of risk managers and executives in a range of small and enterprise-size companies reported that they have “cyber risk” insurance.

Given the potential losses attached to cyber data breaches, internal malicious conduct and other cyber threats (an average cost of $188 per lost or stolen record, according to Ponemon’s 2013 Cost of Data Breach study), on one hand that percentage could be characterized as low. But given the limitations of these types of policies at this point, it could also easily be characterized as high. An additional 39 percent of respondents plan to purchase a cyber risk insurance policy.

Those companies that hold these policies reported to Ponemon that the process of meeting policy requirements created a stronger total security posture, and satisfaction with the policies runs high. Forty-four percent said they were extremely likely to recommend their provider. Thirty percent have submitted a claim on their policy.

According to Ponemon:

“The primary types of incidents covered include human error, mistakes and negligence followed by external attacks by cyber criminals, system or business process failures and malicious or criminal insiders. Only 11 percent of respondents say their policies cover attacks against business partners, vendors or other third parties that have access to their company’s information assets.”

Insurers can offer coverage for quantifiable costs of data breaches, up to and including analysis, costs of alerting customers and litigation costs. Less quantifiable areas such as brand damage may not be covered. Providers are also moving toward adding crisis management services for clients that may not have a dedicated risk manager, according to a piece in the Wall Street Journal.

And the policies are not limited to coverage for data loss or other data-centered risks. Other cyber risk coverage is becoming more available for system outages, both internal and within partners and third parties.

Sep 24, 2013 11:56 PM Dougchampigny says:
In today's business world, companies of all sizes are constantly having to protect and monitor all forms of technology such as computers, laptops, mobile phones, tablets making sure that company information is secured at work, home and on the go. In a climate of persistent threats, protecting your cyber space is no longer a requirement but a necessity. In 2010, Canada ranked 6th as the world's most common target for cyber related crimes and cyber security threats.
