Find out what cyber insurance is, who is adopting it and what the impact could be on your business.
In the fastest-growing decade of technological advancement, where the use of smartphones, Wi-Fi and the internet is second nature to us, and where cloud services, bring-your-own-device and internet-connected supply chains have become the norm, is it any wonder that businesses have become more reliant on technology?
As businesses increase their use of these types of technological advancements, the risk of suffering a data loss increases. Cybercrime is an industry that has flourished, with a staggering 43% of companies having experienced a data breach in the past year. That’s up 10% from 2013.
Data breaches are now, unfortunately, a part of our everyday lives, but how can businesses better manage the risks related to a data breach to reduce the significant cost that can result from them?
One of the options is to buy insurance:
What is Cyber Insurance?
Cyber liability insurance cover (CLIC) is a term often used to describe a wide range of insurance policies. At present, cyber liability insurance cover can include:
- Data breach/privacy crisis management cover
- Multimedia/Media liability cover
- Extortion liability cover
- Network security liability
Some of the elements of cyber liability cover may be interconnected or overlap with cover from existing products, including those for business continuity, third-party supply chain issues and professional indemnity. Even if this overlap does exist, a decent cyber liability policy will ensure cyber risks are fully catered for.
Cyber liability insurance cover (CLIC) has been available in the market for the last decade; however, most security professionals seem unlikely to have heard of it or to know that it exists. This is backed up by findings from The Corporate Executive Programme (CEP), where only 13% of large and mid-sized companies in the UK have dedicated cyber insurance. In a recent poll at this year’s Infosecurity Europe exhibition, 63% of the security professionals canvassed stated that cyber liability insurance isn’t worth the paper it is written on, as they believed that insurers wouldn’t honour claims if their systems were breached.
The most successful adoption of CLIC is in countries that have mandatory data breach notification laws. The best example of this is the United States, where 46 of the 50 states have mandatory requirements for data breach notification. At the moment this doesn’t affect the UK directly; however, with the impending update to the EU Data Protection Regulation, which includes mandatory notification of breaches, this could all change.
What does this mean for UK businesses…
In our opinion, as with home and car insurance, for businesses to even pass the insurance acceptance criteria, a minimum level of security measures will need to be put in place, including:
- Next Generation Firewall
- Proof that annual security audits are conducted
- Information security policy
Equilibrium Security is proposing to work with businesses to ensure that their systems will not only pass the criteria to obtain cyber insurance when needed but will also protect a business’s most important asset: its data. Even if your business does not agree with the expense of a CLIC policy, it is still advisable to follow the best practice security recommendations to ensure that your business is not exposed if breached.
We feel that the option of using CLIC will become more attractive to businesses as the expense of dealing with a cyber breach gets higher and the cost of dealing with mandatory notification is added, in much the same way that existing business insurance policies for fire, flood and theft have become a vital component in the risk management toolkit.
Let’s be honest: insurance alone is not enough to have in place if your company is breached by a cyber-attack. However, it is a good validation point to have in place for your customers and can help save a lot of money in the long run.