IT Security & High Risk Users Management Blog | WALLIX

Work in IT security? Are you ready for cyber insurance?

Written by WALLIX | Oct 1, 2015 9:31:09 AM

In a report released this week insurance giant Allianz said increasing awareness of exposures and regulatory change would lead to “rapid growth” in cyber insurance. It predicted premiums for cyber insurance would grow globally from $2bn (£1.3bn) per year today to more than $20bn (£13bn) over the next 10 years, a compound annual growth rate of more than 20%.

From an information security point of view this is a good thing, more awareness in the existence of these kinds of threats and a willingness for businesses to invest in covering the potential costs of a data breach is all positive. But like any policy, cyber insurance comes with conditions and it’s the need to meet requirements around security policy and technology that could directly affect you.

Recent research undertaken by us here at Wallix highlighted that around a quarter of businesses who were investing in cyber insurance didn’t seem to be including IT teams in that purchasing decision and that IT professionals didn’t necessarily believe that a decision to invest in cover would affect their security infrastructure or policies. You can download the report here.

Our report also highlighted a correlation between two areas likely to affect your cover in the event of breach.

  1. Access management

For obvious reasons ensuring that only authorised individuals have access to IT systems becomes more important if you are the victim of a data breach. Having good control of who can access what, especially where users have elevated privileges, might be the difference to your insurer paying out.

  1. Breach attribution

Lloyds of London recently highlighted that, “Continually evolving attack strategies, perpetrators and motives – only motive and attribution for an attack will determine whether clauses and exclusions can be considered.” Visibility of not just network traffic but user activity will become crucial to effective investigation of breaches.

Even if you see your role as more technical, the potential for you to influence in making sure that an investment in cyber insurance is effective can’t be understated.