Cybersecurity Insurance, IT Processes Melding into New Approach

Kachina Shaw

Legal, Consulting Firms Jumping on Insurance Demand

Also pushing growth in these insurance products is attention from the legal and consulting communities, Delmar notes.

“We see practice areas organized around it, and that is a leading indicator. That’s one way you know the demand is there. Specialized practice areas in law firms can advise on a range of policies, help minimize the cost of disputes, help draft policy language, and throw light on exclusions to allocate risk. They can develop guidelines, negotiate policies, reach social media. They’re developing best practices for social media use in claims investigation, for example.

And the large consulting companies are able to advise on regulatory requirements and admissibility challenges, and offer discovery case experience. The development of these specialties is a natural response to market demand.”

Determining Liability

In the mid term, beginning in 2015, Delmar expects to see much more benchmarking and 360-degree risk assessments – all with cybersecurity included.

“We should see more effort in root cause analysis, finding the components of attacks, and whether there was negligence. If 70 percent of breaches are traceable to human error, and they are, where does the liability lie?

If Microsoft or Apple stop supporting a product, for example, or a product is obsolete and has vulnerabilities, and a company has not taken steps to deal with that, and as a result a breach occurs, that’s an example of due care, of the lack of a level of protection from the business and its coverage.

Less than half of companies right now have risk management programs. How can an insurance agency measure risk without evidence? We’ll see more baseline demands, more objective third-party assessments, and more testing for coverage, controls and certifications.”

A New Role Emerges: Cyber Actuarial

With more intense sharing of analysis and clarity of rules, says Delmar, will come the rise of cyber actuarials as a new role in the business. “They’ll be very aware of the cyber threat world and actuarial analysis. Specialists will be brought in to lower rates, before insurance is taken out.”

With its existing experience, the insurance industry has a lot to offer clients and potential clients, says Delmar, and will act as an accelerator, injecting expertise into processes and showing companies what level of protection they have to have.

“I see them as cross-industry collaborators, forcing functional improvements, raising the bar in companies’ ability to respond. In the free market, once risk gets to the tipping point, these vehicles come into play. And I welcome them. We underestimate breaches and where they are going, we underestimate the distribution models and the underweb. We have to build muscle against every part of the kill chain; it’s now about continuous monitoring of threat vectors to data, not a top-down approach.”

Kachina Shaw is managing editor for IT Business Edge and has been writing and editing about IT and the business for 15 years. She writes about IT careers, management, technology trends and managing risk. Follow Kachina on Twitter @Kachina and on Google+

Add Comment      Leave a comment on this blog post
Feb 17, 2015 1:09 AM Jeana Chui Jeana Chui  says:
The increasing risk of data breaches and hacks, ranging from the extensive and ongoing Anthem data breach incident to less severe but still unsettling potential break-in at Chick-fil-A, is prompting more companies to embrace cybersecurity insurance. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.