Cyber risk insurance ‘an increasing trend’
Dubai, August 14, 2014
Cyber risk insurance is an increasing trend as businesses become targets of cyber crime, according to a report.
The cyber insurance market is set to double this year over the last, as the need for cyber insurance becomes more acute, with massive incidents at companies like Target, eBay and government agencies like the Office of Personnel Management, said the AccessData report.
While these high-profile breaches have led to skyrocketing interest in cyber insurance, they have also highlighted a glaring weakness in insurance companies’ ability to price – and therefore offer – such coverage: the lack of incident resolution expertise, technology and processes among clients requesting coverage.
The first half of 2014 saw a 21 per cent increase in data breaches over the same period last year, according to technology media, events and research company IDG.
The cyber insurance market is being held back by a lack of maturity in two critical areas: insurers have an alarming inability to model client risk, and insurers are not yet requiring clients to become prepared to deal with major breaches.
Cyber insurance is so new there is almost no empirical data for insurers to use – and empirical data is the currency of insurance. As it has always done with new policy types, the insurance industry will eventually build up enough empirical data to make risk modeling reliable.
Craig Carpenter, chief marketing officer at AccessData, has proposed three steps to help companies looking to purchase cyber risk insurance, and the insurance providers who seek to cover them with lucrative yet sensible policies, find common ground.
• Realizing breaches are inevitable, focus more on quick detection, response and remediation than prevention. The idea that a network – any network – is impenetrable simply no longer reflects reality. Prevention is obviously important, but what really minimizes exposure is speed of resolution with any incident.
• Require a full-fledged incident resolution team and process. The biggest weakness for most companies is their lack of knowledgeable talent in-house that can handle a breach’s aftermath. Without the right people in place working with a sound process vetted in advance, breaches will inevitably get worse.
• Work with clients to develop best practices, starting with “Mean Time to Response (MTR).” The development of sustainable health, fire, auto and life programmes illustrates a tried-and-true path forward, namely working with clients to develop metrics to indicate particularly risky (or healthy or safe) behaviour. By far the best way to minimise any breach is to detect and remediate it as quickly as possible.
Cyber insurance is ready to explode in the coming quarters and years as clients and insurance companies alike are clamoring for coverage, said Carpenter.
However, the only way to unlock the market’s potential is for both sides to collaborate on the development of best practices, especially in the area of rapid detection and response.
Without “virtual sprinkler systems” as standard features of any cyber security programme, cyber breaches cannot be expected to be contained before major damage is done – an outcome no one wants to see, he added. - TradeArabia News Service