Last week the chief of Lloyds of London claimed that his business had seen a 50% increase in demand for cyber insurance products in the first quarter of 2015. The UK government working in partnership with insurance broker Marsh in Marsh has highlighted that around 98% of large UK companies have no form of insurance against a data breach or cyber-attack.
There are three key factors that will drive demand for cyber insurance products in the immediate future:
- Data breaches are on the rise and more damaging than ever
- Government are backing the UK cyber insurance industry to become a world leader
- There are sweeping privacy reforms underway in the EU
So what does cyber insurance actually get you? In an article for legal news site Out-Law cyber liability specialist Ian Birdsey of Pinsent Masons explained, “There is a financial indemnity up to potentially significant levels of indemnity or cover in the region of hundreds of millions of pounds; and access to an expert panel of vendors often at preferential rates in the event of a data breach.” He added, “The underwriting process is also likely to focus on various key aspects of risk management.”
That means you can expect to be able to claim for the financial impact of a breach, which seems like a good safety net. But it’s the underwriting process that raises concerns: What are these “key aspects” of risk management? Would a business judged to be less risky qualify for a lower premium?
It’s the second question that is of greatest interest to any IT security professional who’s looking to do the best job for the business they work in. To take car insurance as an example, customers who use a “dashcam” in their cars recording all of their journeys receive a substantial discount on their premiums. The same should surely apply to those organisations who have made significant investments to reduce their risk of being the victim of an insider attack, malware or hack?
If you’re now considering cyber insurance to help you respond in the event of a breach be sure to challenge that provider to be clear about the steps you can take with your policies or technology to keep your premium down.