The massive, well-publicized cyber attacks on Target, Sony, Anthem and others are spurring demand for cybersecurity insurance. Last year, U.S. companies paid an estimated $2 billion in cybersecurity premiums, up 65 percent from 2013, according to the Washington Post.
That’s a good thing. These insurance policies help lower the risk of operating in today’s hyper-connected environment.
But cybersecurity insurance isn’t a panacea. Just as having medical insurance doesn’t mean you should take up extreme sports without prior training, having a cybersecurity insurance policy doesn’t mean you can leave your organization’s networks and systems unprotected. Medical insurance is an important part of your overall strategy for staying healthy, but it’s only a part. Similarly, cybersecurity insurance should be one element of your overall strategy for keeping your systems safe.
Cybersecurity insurance generally covers both first-party damages — financial losses suffered by the organization holding the policy — and those of third parties, meaning liability for damages to customers, partners and others. Damages typically covered include data breaches, network damage, loss of digital assets, equipment damage and some revenue loss.
But cyber security insurance has its limits. Not generally covered are such important factors as reputational loss, business downturns, theft of intellectual property and customer data. Also, most policies top out coverage at about $300,000. That’s a far cry from what a data breach can actually cost — up to $9.4 million over 24 months, estimates Experian. For example, the simple act of notifying credit-card customers of a breach can cost a bank as much as $500,000. Target’s breach is estimated to have cost the company more than $145 million so far, with the total bill not yet delivered.
There are plenty of cyber insurance options. Some 50 insurers now offer these policies, including such well-known companies as Farmers, Allstate, Chubb and Travelers. Buy a policy and you’ll be in good company. Roughly 40 percent of large U.S. companies currently hold cybersecurity insurance policies, estimates Betterly Risk Consultants. That figure approaches 80 percent in some especially sensitive vertical markets, including retail and healthcare.
Their premiums add up; reducing those premiums isn’t a bad idea. In a survey of more than 9,700 senior business and IT executives worldwide, conducted late last year by audit and consulting firm PricewaterhouseCoopers, just over 35 percent said they’ve taken measures to reduce their security premiums.
As part of a total security strategy, taking out insurance is a good first step. A good next step is installing an advanced solution that integrates data from existing point solutions and correlates data across all network endpoints. Leading managed security solutions are also applying the latest in big data analytics and machine learning to anticipate security breaches before they cause havoc.
Learn more about Masergy’s Managed Security solutions.