Cybercrime Insurance Industry Poised to Explode, But Danger Lurks
Things aren't so simple when calculating cyber risk
With mega-breaches of high profile retail and banking giants making so many headlines over the last year, interest in cybercrime insurance has intensified across the global business landscape, and the CEO of Lloyd’s of London said this week she expects that interest to surge even more. GDF’s founder discusses this burgeoning trend and offers some advice, and warnings, for businesses looking into taking the plunge.
Lloyd's getting in the game
In an interview with Guy Johnson on Bloomberg TV in London this week (October 8, 2014), Inga Beale, CEO of Lloyds of London, the world’s oldest and most famous insurance market, said she expects interest in cyber risk insurance to "grow dramatically with all the hacking incidents that have been around." But big news on the topic wasn’t just confined to the other side of the pond. Two days earlier (October 6, 2014), Reuters reported that former United States Secretary of Homeland Security, Tom Ridge, had also jumped into the fray, revealing news about a new cybercrime insurance product he is launching for US businesses with the backing of five syndicates at Lloyd’s of London. With the business industry grapevine starting to heat up with talk about cybercrime insurance, Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security solutions, took some time to talk about some of the pitfalls that may lie ahead and what businesses will want to do before even thinking about pursuing cyber risk insurance.
Big year for hackers
“It has certainly been a banner year for hackers. Just look at some of high profile targets they managed to victimize in the last year to the tune of hundreds of millions of dollars and affected customers, companies like Target, Home Depot, JPMorgan Chase, Albertsons, Supervalu, Michaels, Neiman Marcus, Dairy Queen, and the list just continues to grow. So it shouldn’t come as any surprise that US businesses are looking for more ways to insulate themselves against the tremendous losses cyber attacks can inflict,” says Caruso.
It's all about risk
“But just like any type of insurance, premiums always boil down to one thing for insurers – the risk involved. And therein lies the rub. In our experience assessing cyber threats and risk, far too many businesses really have no idea what threats they may be vulnerable to, or just how vulnerable they are, and honestly, it’s also fairly new ground for the insurance industry. So correctly calculating risk is going to be the first big hurdle that needs to be cleared. Because in the end, a cybercrime insurance policy is going to have to cover a lot of ground, from direct monetary losses which can be fairly straightforward, to the longer-term-impact things like a tarnished reputation and lost customer trust can have, all of which will be unique to each and every client. They will also have to cover things like business interruption, extortion, sabotage, IP (Intellectual Property) theft, data theft, client exposure, reporting costs and much more. So obviously it is not realistic to expect premiums to come cheap, it’s just not going to happen.”
Cyber risk insurance doesn't replace cyber security
“One thing that scares me about cyber insurance is how it will be perceived and utilized in the business world. Surveys, studies and our own experience all highlight the fact that many businesses don’t even have the security basics covered, which would stop 95% or more of the threats currently out there. And usually lack of time, money and/or expertise are cited as the primary reasons more isn’t being done internally to strengthen their own cyber security posture. Cyber security does take all those things, albeit not to the degree most businesses expect, but more importantly it takes a continuous commitment. Human nature gravitates towards ease and convenience, and if companies start thinking of cyber risk insurance as an easy and convenient replacement to bonafide and proven cyber security practices because now they’ll be 'covered' against losses, some long, dark days are coming,” Caruso warns.
Insurance premiums for the healthy or the sick are always worlds apart
“If a business is even contemplating cyber risk insurance, they better first get all their ducks in a row. Think of it just like health insurance. Someone that is healthy, keeps themselves in great shape by exercising, eating right and avoiding unhealthy habits is going to be paying far less in premiums than an overweight, largely sedentary alcoholic that smokes two packs a day, because obviously the risk chart says the latter is a much greater risk and the chances the insurer will have to make a large payout are exponentially higher. That’s where companies like ours can make a huge difference, not just in helping to drastically reduce an organization’s insurance risk profile and puting a huge dent in premiums, but also in the daily battle against cyber criminals to thwart the vast majority of attacks before they ever happen, and helping clients effectively and efficiently manage the emergency response process if the unthinkable does manage to occur, like an APT (Advanced Persistent Threat) or zero day attack. Our professional vulnerability assessments let clients know exactly where they stand in relation to today’s threat landscape, from weaknesses in policies and procedures based on their business model, operations and unique internal data landscape, to regulatory compliance issues. Then we move on to our proven penetration testing, where we take on the role of real-world black hat hackers to uncover any weaknesses that can be exploited, like susceptibility to social engineering, holes in public facing endpoints, outdated or unpatched systems and networks, internal threats, application security, mistakes in how WiFi networks are managed and how digital devices like smartphones and tablets are being controlled, managed and utilized, and a long list of other potential shortcomings. In the end, we will not only help an organization save money on cyber risk insurance premiums if they decide to go that route, but we will make them much more ready to face today’s cyber threats head on, and quite possibly eliminate the need to ever have to make a claim in the first place. Now that’s smart business.”
Proven solutions to defend against cyber threats
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.