On Monday, October 12th, Reuters published a report on the rocketing premiums of cyber insurance, concluding that, “The price of cyber coverage - which helps cover costs like forensic investigations, credit monitoring, legal fees and settlements - varies widely, depending on the strength of a company's security, but the overall trend is sharply up.”
To Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City, the caveat in that very sentence, “depending on the strength of a company's security,” should be front and center for any business even remotely contemplating cyber insurance, because it is the only controllable factor when trying to negotiate a realistic premium.
IT’S ALL ABOUT RISK
“Just like any type of insurance, premiums always boil down to one thing for insurers – the risk involved. And therein lies the rub,” says Caruso. “In our experience assessing cyber threats and risk, far too many businesses really have no idea what threats they may be vulnerable to, or just how vulnerable they are, and honestly, it’s also fairly new ground for the insurance industry. So correctly calculating risk is going to be the first big hurdle that needs to be cleared. Because in the end, a cyber insurance policy is going to have to cover a lot of ground, from direct monetary losses which can be fairly straightforward, to the longer-term impact things like a tarnished reputation and lost customer trust can have, all of which will be unique to each and every client. They will also have to cover things like business interruption, extortion, sabotage, IP (Intellectual Property) theft, data theft, client exposure, reporting costs and much more. So obviously it is not realistic to expect premiums to come cheap, it’s just not going to happen.”
CYBER RISK INSURANCE DOESN’T REPLACE CYBER SECURITY
“One thing that scares me about cyber insurance is the possibility that it could be seen by some as some kind of magic bullet that makes the need for the time and resources to develop and maintain a fundamentally sound cyber security posture unnecessary, because just like technology itself proves, human nature gravitates towards ease and convenience, and if companies start thinking of cyber risk insurance as an easy and convenient replacement for bona fide and proven cyber security practices because now they’ll be ‘covered’ against losses, some long, dark days are coming,” Caruso warns.
INSURANCE PREMIUMS FOR THE HEALTHY OR THE SICK ARE ALWAYS WORLDS APART
“If a business is even contemplating cyber risk insurance, they better first get all their ducks in a row, especially with the costs for coverage soaring,” says Caruso. “Think of it just like health insurance. Someone that is healthy, keeps themselves in great shape by exercising, eating right, avoiding unhealthy habits and getting regular checkups is going to be paying far less in premiums than someone who does not, because obviously the risk chart says the latter is a much greater risk and the chances the insurer will have to make a large payout are exponentially higher. That’s where companies like ours can make a huge difference, not just in helping to drastically reduce an organization’s insurance risk profile and putting a huge dent in premiums, but also in the daily battle against cyber criminals to thwart the vast majority of attacks before they ever happen, and helping clients effectively and efficiently manage the emergency response process if the unthinkable does manage to occur, like an APT (Advanced Persistent Threat) or zero-day attack. Our professional vulnerability assessments let clients know exactly where they stand in relation to today’s threat landscape, from weaknesses in policies and procedures based on their business model, operations and unique internal data landscape, to regulatory compliance issues. Then we move on to our proven penetration testing, where we take on the role of real-world black hat hackers to uncover any weaknesses that can be exploited, like susceptibility to social engineering, holes in public-facing endpoints, outdated or unpatched systems and networks, internal threats, application security, mistakes in how WiFi networks are managed and how digital devices like smartphones and tablets are being controlled, managed and utilized, and a long list of other potential shortcomings.
In the end, we will not only help an organization save money on cyber risk insurance premiums if they decide to go that route, but we will make them much more ready to face today’s cyber threats head on, and quite possibly eliminate the need to ever have to make a claim in the first place. Now that’s smart business.”
PROVEN SOLUTIONS TO DEFEND AGAINST CYBER THREATS
Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.