No one likes paying for insurance, but sometimes, it is necessary. We need health insurance, car insurance and dental insurance, but then there are the more frivolous types of insurance; you can buy divorce insurance, kidnapping insurance and even “drunk guest” insurance.
For a long time, people assumed cyber insurance belonged in the “frivolous” category, but we know now that it is a must-have.
Cyber insurance: A must-have
A survey conducted by Veracode Inc. and New York Stock Exchange (NYSE) Governance Services found that 60% of directors and officers expect an increase in shareholder lawsuits because of heightened corporate cybersecurity liability. Due to this, many companies already have some sort of cyber insurance:
- 91% of respondents have business interruption and data restoration protection
- 54% have coverage for expense reimbursement – PCI fines, breach remediation/notification and extortion, among others
- 52% have employee or insider threat liability coverage
- 35% are seeking coverage against loss of sensitive data caused by software coding and human errors
For many years, security experts have been stressing that cyber attacks are a case of “when,” not “if,” and now that most companies have accepted that fate, they are ready to protect themselves against the short- and long-term effects a data breach will have on their companies.
Cyber insurance improves security
There are a few ways cyber insurance will improve security, but they all tie back to one motivation – money. Cynical, but true.
First and foremost, we are going to see the cyber insurance companies lobbying for better security and prevention laws. Sam King, chief strategy officer at Veracode, pointed out that we have seen this happen before. “Just as the evolution of fire insurance drove the creation and enforcement of minimum standards in the way buildings are constructed and protected, cyber liability insurance may soon establish a new baseline for cybersecurity best practices.”
Then, the insurance companies will also create their own restrictions. They will require their customers to take their security practices to the next level in order to reduce the number of payouts they need to make.
Finally, as the Veracode and NYSE survey suggested, between current concerns and all the legal attention cybersecurity will be getting, the general public will be better educated on security and have higher expectations for providers. If people are not impressed with the protection they are getting, we will likely see a greater public uproar and more lawsuits than we have in the past.
Even though cyber insurance companies are going to make a hefty profit from the legal attention they will inevitably give to cybersecurity, we are thankful for them. It is the wake-up call many companies need to improve security and the perfect excuse for us security pros to get the increase in budget we desperately need.