For the information security professional, a data breach is the worst-case scenario, but it must also be considered an occupational hazard.
While it’s true that you have to invest energy and resources into reducing the risk of a breach, you also have to have a post-breach strategy that includes identifying the nature of the breach and its origin. And this is where things get tricky.
Investments in cyber insurance must be carefully prepared
Let’s consider these two pieces of information:
In April, Barbican Insurance claimed that submissions for their cyber insurance were up by 50%.
In the same month, Verizon’s Annual Data Breach report highlighted that two-thirds of all cyber espionage incidents had no attacker-attribution information.
These facts may initially seem unrelated, but as with any insurance policy there are clauses and conditions in cyber cover that the insured party must meet. Attributing the source and nature of any attack could be one of them.
Proving the origin of an attack to your insurer
Insurance megalith Lloyd’s of London recently sponsored research entitled “Business Blackout”, exploring the potential impact of a major cyber-attack on the US power grid. Of course this raises concerns about securing what they define as operational technology and recognising that the more infrastructure is connected, the greater the risk of attack. The fictional scenario laid out is interesting, but what stands out is a lone bullet point included in the section “Challenges for the development of cyber cover”:
“Continually evolving attack strategies, perpetrators and motives – only motive and attribution for an attack will determine whether clauses and exclusions can be considered.”
This is where the two stats tie worryingly together. It seems that while you might be prepared to make an investment in cyber insurance that should help you in the event of a data breach, your biggest challenge could be proving to your insurer the motive and origin of an attack to ensure you are correctly compensated.
Cyber insurance's role in risk management
The difficulties of data breach attribution are well understood, and the massive number of potential causes is highlighted perfectly by the hilarious "Sony Breach Attribution Generator", which takes facts related to the hack to output randomly generated suspects!
Cyber insurance is no doubt an important development in the management of risks to your infrastructure and data, but understanding how a policy works in relation to your technology and technical expertise is vital to judging whether it will represent real value in the event of a breach.
Keep in mind the importance of visibility, monitoring and auditing as weapons in your data breach response arsenal; they could be vital when it comes to identifying the source of an attack and guaranteeing a return on your investment in insurance.