By: Shaahil Abraham, BCA 4th Sem, 1st Shift
“There are only two types of companies those that have been hacked and those that will be.” said by Robert Mueller FBI director (2012).
Cyber insurance began catching on in 2005, with total value of premium forecast is to reach $7.5 billion by 2020 worldwide!
Technology, social media and transactions over the Internet play key roles in how most organizations conduct business and reach out to prospective customers today. Those vehicles also serve as gateways to cyber attacks.
Cyber attacks are likely to occur and can cause moderate to severe losses for organizations large and small. As part of a risk management plan, organizations routinely must decide which risks to avoid, accept, control or transfer.
What is cyber insurance?
Cyber insurance is an insurance product used to protect businesses and individual users from internet based risks. Cyber insurance can’t protect the organisations form the cyber crime but it can keep the business on stable financial footing.
The rise of cyber insurance:
Events such Year 2000 problem, 9/11, causes the demand for cyber policy. It was by the year 1990 that the first cyber policies start to appear in the market. The year 2000 has much exclusion related to cyber insurance such as Rogue Employee, Regulatory, and Fines & Penalties and there was no first party coverage which by mid of 2000 was granted.
By the year 2003, California Security Breach Information Act was implemented. The Act stipulates that if there's a security breach of a database containing personal data, the responsible organization must notify each individual for whom it maintained information.
The California Security Breach Information Act was implemented to stop the increasing incident of identity theft. According to the Federal Trade Commission, the organization received 214,905 complaints of identity theft in 2003.
The result of policy was that many states started to follow similar act and there was new first party and third party coverage which included IT Forensics, customer notification, penalties etc.
The current status of cyber insurance is that attacks to the information infrastructure in the cyber field on the one hand have become more and more complex and professional. On the other hand, there are large amount of companies’, states and population’s dependency on IT and thus accordingly providing protection to them was the main criteria of cyber insurance companies. Many experience of the events related to data loses have proven effective in developing an environment where provides best possible data protection.
Investigation: Forensics investigation is
important to determine what has actually occurred, cause of damage and possible ways to prevent the same type of situation again.
Business losses: A cyber insurance policy may include errors that occurred due to negligence and other reasons, as well as monetary losses experience by network downtime etc.
Privacy and notification: This includes data breach notifications to the customer and other affected parties which are mandated by law in many jurisdictions.
Lawsuits and extortion: This includes legal expenses associated with the release of confidential information.
Advantages of cyber insurance:
1) Data security
The importance of data for a company is at an all-time high. In the current information era, many competitive advantages are strongly based on data, therefore the risk associated to losing control of this data also higher. Insurance offsets the expenses of a data breach.
2) Peace of mind
The jurisdiction regarding data breaches is getting tougher and tougher. Especially if one holds personal data (e.g., names, addresses, etc.) and even more so if one hold personal sensitive data (e.g., medical records). In this new legislative scenario being insured gives business owners’ peace of mind.
3) Closing the gap between traditional coverage and current needs
Traditional policies don’t cover the first party breach notification cost it only cover liability arising of tangible property but cyber insurance provides coverage for liability for loss of data, regularity and legal fine and penalties.
Disadvantage of cyber insurance:
1) Lack of historical data
Pricing on the end of the insurer is difficult, since the risk is on intangible property and there is very little historical data. This tends to drive prices up.
2) Less helping situation
The biggest impact on one’s cyber security is prevention. And there is very little insurance will do about this. One has to know where the relevant data sits and how to protect it.
3) Policies have their limits
Cyber security is a highly technical space, and while choosing one policy versus another, it is important to see what each covers and what its limitations are (e.g., some cover the breach if it is due to third party provider and others don't). Some policies might also limit the way one can react to a breach (e.g., only allowing you to work with a determined law firm).
Top cyber insurance companies in today’s scenario:
Insurance companies are:
|
Experience thought the insurance companies that Cyber insurance has been a fast-evolving market as the risks change.
Industry estimates suggest that the global cyber insurance business could increase to $20 billion by 2020, but the lack of information on cyber insurance is a challenge for insurance companies, policyholders, regulators and investors to evaluate and price risk.
The latest sources states that AIG, Chubb, XL Group leads in U.S Cyber Coverage Market Share
Conclusion:
It is rightly said that “time growing old teaches all things”, lack of data security is still a question mark for many organisations and fear for many, but till now many example have been set up to make one realise the importance of data security and thus there are efficient ways to overcome the problem, one of it is cyber insurance.
Cyber risk is complex and constantly changing, which makes it very difficult to evaluate exposure, particularly when combined with the lack of historical data to properly underwrite and price policies. Additionally, there is an added concern with respect to risk aggregation, in that a single attack could potentially affect many companies at the same time, which further impairs the ability of insurers to assess the risk. However, as the demand for cyber insurance continues to grow, insurance carriers will continue gathering the data they need to set appropriate rates and developing new products and coverage options.
0 comments:
Post a Comment