May 28, 2019 by Siobhan Climer and Mishaal Khan
Cybersecurity is top of mind for organizations in every industry, where the number of cyber attacks and breached records rises every day. In 2018, there were over 446.5 million sensitive records exposed, a 126% increase from 2017.
Insuring Against Risk
One strategy businesses use to protect themselves from cyber risk is to purchase cyber insurance. The primary purpose of which is risk-sharing between provider and purchaser. Sometimes called Cyber Risk Insurance or Cyber Liability Insurance Coverage, cyber insurance broadly seeks to minimize risk exposure by reducing the costs of breach recovery.
Key point: Cyber insurance does not reduce your risk of being attacked.
Instead, cyber insurance reduces the risk of after-attack effects specifically related to cost and liability. Depending on the policy, cyber insurance might cover legal fees, expenses, customer notifications, identity theft protection for customers, data recovery, and computer system repairs.
Most notably, cyber insurance helps businesses fund the reputation recovery needed after a breach in trust.
Strengthen Your Security Posture: Start With A Cybersecurity Framework
Who Is Investing Today
Midmarket and enterprise organizations have typically been the first to invest in cyber insurance – 45% of enterprise organizations have had a cyber insurance plan in place for at least 2 years. This is primarily due to the myth that larger organizations are more at risk.
In reality, 71% of SMBs believe they are ill-prepared to address the increase in security threats. 61% of data breaches target smaller businesses and, in 2018, 53% of small businesses experienced multiple data breaches exposing billions of records. With each record averaging, globally, $148, those costs can quickly become unmanageable for even the most successful enterprise.
Cyber insurance can help to alleviate the risk and offset the costs of a data breach. By helping businesses restore trust, maintain their reputation, and respond efficiently and effectively to a breach, cyber insurance decreases the risk businesses face at a time where the likelihood of an attack – or the probability that the business is unwittingly already a victim – is increasing.
Cyber Insurance Still Falls Short
Despite businesses hoping for a cyber risk band-aid, there is no quick fix to data breach risk. Some common concerns include:
- Lack of consistency in contractual language
- Lack of clarity around the ROI on insurance due to industry secrecy
- Unresolved legal questions
- Misrepresentation of the malicious parties responsible for attacks
- Lack of insurance industry-wide standards around cyber policies
- Confusion over how insurance covers third-party vendors or partners
- Costs seem disproportionate to services offered and liability covered
- Overly complicated and difficult to navigate
Some even wonder if the proliferation of cyber insurance actually increases the cyber risk across the globe. As CSO’s Senior Writer J.M. Porup asks, “If you’re paying for insurance, why bother applying strong security controls?”
The “moral hazard” argument comes up again and again in every insurance conversation, through with cyber insurance the risks appear more prominent. With the continued increase in breached consumer records, cyber risk applies to everyone, not just the company or shareholders.
One way to lower cyber insurance premiums is to perform a risk assessment and implement cybersecurity standards.
Start With A Plan
So, while cyber insurance is likely a good investment overall – frankly, your organization will be the subject of a cyber attack or a data breach – it can’t be the only solution.
Organizations in every industry need to first develop a hardened security posture that uses security layers and microsegmentation to isolate and protect the sensitive data it relies on, wherever that data is housed.
Start your cybersecurity conversation today by registering for a Mindsight Whiteboard Session. These free, one-on-one conversations offer you the chance to sit down with our information security engineers to understand your current risk profile and develop a plan for securing your business today.
Like what you read?
Contact us today to discuss cyber insurance and your cyber risk.
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
Contact us at GoMindsight.com.
About The Author
Siobhan Climer, Science and Technology Writer for Mindsight, writes about technology trends in education, healthcare, and business. She previously taught STEM programs in elementary classrooms and museums, and writes extensively about cybersecurity, disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. When she’s not writing tech, she’s writing fantasy, gardening, and exploring the world with her twin two-year old daughters. Find her on twitter @techtalksio.
Mishaal Khan, Mindsight’s Security Solutions Architect, has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.