With threats and attacks increasing like never before, it is hard to be sure of your security. Data breach news have began making into the headlines almost daily. Still not many have turned towards insuring their cyber possessions. Days, when cyber attacks were limited to the IT department, have gone, and now we have the risk evaluators also getting into, as Network today holds much more than what it held earlier.
In an article by Eric Chabrow, based on the 2012 RIMS Benchmark Survey, he states that ‘Cyber-insurance policies vary widely, but they often cover notification expenses, credit-monitoring services, and, in many cases, legal PCI compliance defense costs and even government penalties.’ He quotes further, ‘more and more companies are creating committees that span the organization to address data security issues, and increasingly that includes the risk management department. He adds, “In the section about IT industry liability, RIMS reported 32 data breaches with insurance payouts totalling $91 million in 2011. In the telecom sector, the study reported 10 cases of unauthorized data distribution and $170 million in payouts.” These stats clarify the growing existence of Cyber Insurance in organisations.
The crucial fact that one needs to understand is that in the case of Cyber Insurance, there is no one solution that will fit all. It is a rather new entrant to the insurance industry and comparatively less insurance vendors offer it. Owing to these reasons the offerings packaged under the header of Cyber Insurance aren’t consistent or uniform.
Apart from the inconsistency, lack of proper parameters to figure the existing coverage is also an issue. Often those who have the policies in place, when attacked on placing the claim realise that the general liability policies of their said insurance policy don’t protect from losses related to its computers and information systems. Supporting this experts affirm that there are a lot of exclusions in general-liability policies that could deny coverage at times. Appropriate assessment of existing coverage and understanding the right solution cover for your network, is essential for benefitting from it.
Owing to the huge magnitude of loss breaches bring in, ignoring cyber insurance is also not advisable. In addition everything today involves the web right from applications to basic process in an organisation. These points indicate the crucial need for cyber insurance. In support to this Eric concludes his article by quoting John Wheeler, a research director at IT consultancy Gartner, who cautions that cyber-insurance isn’t a stopgap measure to compensate for weaknesses in an IT security program.
Appropriate and adequate security arrangements combined with regular IT security awareness and trainings is inevitable. A fool-proof network security should include best-of breed security, regular IT security awareness and Cyber insurance. All of these play an equal and important role in ensuring a dependable shield against the evolving threat landscape