Indians are no strangers to the idea of insurance. It has a deep-rooted history and finds a mention in various manuscripts that talk about pooling resources that could be redistributed in times of calamities such as fire, floods, epidemics and famine. With this, an early form of insurance was born.
As technologies like mobility, cloud, social media and online transactions dominate our lives, the real and online worlds are becoming indistinguishable, redefining the nature of calamities. As attacks against businesses and nations hit the headlines with great regularity, concerns around cyber-attacks are slowly mirroring those around physical-world attacks. Whether launched by run-of-the-mill hackers, criminals, insiders or even nation states, cyber-attacks are likely to occur, with the possibility of moderate to severe losses for targeted organizations. Cybercriminals are not only interested in ‘who can hack,’ but also ‘who can leak.’ Whether data is stolen in a data breach, accidentally leaked or even posted online legitimately, it has value in the underground shadow economy.
As part of a risk mitigation plan, businesses must regularly decide which threats to evade, accept, control or transfer. Transferring risk is where Cyber Insurance comes into play.
Cyber Insurance: What Every CISO Needs to Know
Considering cybersecurity today, our information could be lost in a digital ocean we call the worldwide web. From a threat landscape perspective, the volume of attacks continues to rise as adversaries become more determined, persistent, and hostile with cyber-attacks. Last year, we witnessed the largest data breach ever publicly reported with 191 million records compromised in a single incident. Attackers are relentless and continue to move faster and more efficiently, breach organizations with targeted campaigns, focus on consumers across social media, mobile, and connected platforms, and aim to take advantage of the emerging Internet of Things.
The impact of a cyber-attack on an organization's brand, reputation, and business operations can be catastrophic. Therefore, organizations need to plan proactively while preparing for the reactive, which includes insurance for goods, intellectual property (IP), and commerce—the assets sailing across the digital landscape. That’s Cyber Insurance for you.
Drivers of Cyber Insurance
Data breaches cause reputational harm and business interruptions, but most of all—they’re expensive. Symantec’s Internet Security Threat Report Vol. 21 revealed that Indian enterprises need to plan for repeated targeted attacks. They were the 6th most targeted in Asia, with targeted organizations on the receiving end of two attacks on average. Relying on IT defenses alone can create a false sense of security, and no organization is immune from the ever-increasing risks. Many are now turning to cyber insurance as another layer of protection, complementing the efforts of IT and other information security functions, where the greatest value is realized. When we look at the rapid adoption of cyber insurance, there are two key factors contributing to this growth: new regulations which obligate companies to respond to information breaches, and the increase in cybercriminals using stolen information for payment fraud, identity theft, and other crimes.
Coverage Span and Factors to Consider
A study from PwC suggests that the cyber insurance market has grown from $1 billion to $2.5 billion over the past two years, and is expected to increase significantly over the next five years. Cyber insurance is evolving as fast as technology. What is considered core coverage today was not available as little as three years ago, and enhancements to coverage are being negotiated in the marketplace every day. Although liability is the most popular cyber insurance coverage, the majority of purchasers also buy coverage for investigating an incident and for digital extortion demands. Additionally, factors such as the size of the insured organization, the amount of sensitive data stored, industry norms and the degree of potential reputational risk can be considered by a company while planning its cyber insurance premiums.
In the current scenario, with incredible volumes of data being created in this hyper-connected world, it is no longer a question of ‘if’ or ‘when’ but ‘how often’ you will be attacked. Cyber insurance offers organizations protection to limit their risk, but companies should consider all coverage options cautiously. It’s not about checking off a box; it’s about finding a policy that protects the organization’s brand, reputation, and operations if it is faced with a breach. The business relevance of cyber insurance is only set to grow from here, and having a well-built and regularly tested Incident Response program is an important component of a comprehensive risk management plan to help lessen the risk for organizations.
About the Author:
The author is director, Cyber Security Services, India, Symantec
Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s).