Adding business value with cyber insurance
Kane Lightowler, Managing Director, Asia Pacific &
Japan, Carbon Black
Japan, Carbon Black
 |
| Kane Lightowler, Managing Director, Asia Pacific & Japan, Carbon Black |
With more countries embarking on Smart Nation
projects, the number of connected devices and volume of data will only
increase. This means that cybercriminals now have an almost infinite number of
(often poorly protected) channels to launch their attacks. Underscoring the
severity of issue, the Monetary Authority of Singapore (MAS) has urged
companies to boost their cybersecurity initiatives, as well as adopt cyber
insurance[1]. As such, the
market for cyber insurance is expected to reach $7.5 billion in premiums by
2020[2], with apparent
demand by the finance industry, along with a forecast of new investments from
the healthcare industry.
projects, the number of connected devices and volume of data will only
increase. This means that cybercriminals now have an almost infinite number of
(often poorly protected) channels to launch their attacks. Underscoring the
severity of issue, the Monetary Authority of Singapore (MAS) has urged
companies to boost their cybersecurity initiatives, as well as adopt cyber
insurance[1]. As such, the
market for cyber insurance is expected to reach $7.5 billion in premiums by
2020[2], with apparent
demand by the finance industry, along with a forecast of new investments from
the healthcare industry.
While it is good news that companies are taking
increased measures by moving toward cyber insurance to underwrite potential
losses generated from cyberattacks, such as lawsuits, investigations, and
business ramifications from exposed trade secrets, it is important to note that
while cyber insurance can help to manage losses, it needs to go hand-in-hand
with a robust cybersecurity infrastructure in order to add real value to your
business.
increased measures by moving toward cyber insurance to underwrite potential
losses generated from cyberattacks, such as lawsuits, investigations, and
business ramifications from exposed trade secrets, it is important to note that
while cyber insurance can help to manage losses, it needs to go hand-in-hand
with a robust cybersecurity infrastructure in order to add real value to your
business.
Insuring the intangible
Cyber insurance can be likened to fire insurance; most
businesses insure and deploy significant detection, prevention and response
measures such fire suppression systems, fire resistant materials and fire
drills, resulting in maximum risk coverage. In the same vein, companies should
prioritise the deployment of a strong cybersecurity infrastructure consisting
of robust detection, prevention and incident response measures, which results
in an overall effective and efficient risk management plan that lowers your
insurance premium too.
businesses insure and deploy significant detection, prevention and response
measures such fire suppression systems, fire resistant materials and fire
drills, resulting in maximum risk coverage. In the same vein, companies should
prioritise the deployment of a strong cybersecurity infrastructure consisting
of robust detection, prevention and incident response measures, which results
in an overall effective and efficient risk management plan that lowers your
insurance premium too.
The industry is already making great progress to
support the distribution of cyber insurance. For example, credit rating
services such as FICO Enterprise Security Score allows cyber insurance
providers to access cyber infrastructure and measure risk exposure, as well as
forecast the likelihood of cybersecurity incidents in order to tailor policies
and premiums for companies with different needs.
support the distribution of cyber insurance. For example, credit rating
services such as FICO Enterprise Security Score allows cyber insurance
providers to access cyber infrastructure and measure risk exposure, as well as
forecast the likelihood of cybersecurity incidents in order to tailor policies
and premiums for companies with different needs.
The next step is for the government to support the
cyber insurance ecosystem through the enforcement of mandatory and regulatory
laws on cyber security. Such legislation can benefit the industry as a whole as
it ensures a minimum standard for any given company’s cyber infrastructure,
which enables cyber insurance companies to lower their premiums.
cyber insurance ecosystem through the enforcement of mandatory and regulatory
laws on cyber security. Such legislation can benefit the industry as a whole as
it ensures a minimum standard for any given company’s cyber infrastructure,
which enables cyber insurance companies to lower their premiums.
Process, People and Technology
As cyber insurance can be a reasonably large
investment for organisations, it is essential for companies to enforce strong
cyber security fundamentals and best practises to maximise their dollars. For
example, the financial industry is governed by mandatory laws that require
banks to retain sensitive customer and transaction information, resulting in
higher premiums. However, for businesses that do not revolve around
transactions, holding customers’ payment information is counterproductive.
Instead, these companies should consider outsourcing payment methods to third
party providers, which will take a big amount of risk away.
investment for organisations, it is essential for companies to enforce strong
cyber security fundamentals and best practises to maximise their dollars. For
example, the financial industry is governed by mandatory laws that require
banks to retain sensitive customer and transaction information, resulting in
higher premiums. However, for businesses that do not revolve around
transactions, holding customers’ payment information is counterproductive.
Instead, these companies should consider outsourcing payment methods to third
party providers, which will take a big amount of risk away.
A strong cybersecurity infrastructure mandates the
deployment of more than just anti-virus software and firewalls. Cybercriminals
have long advanced their methods of attacks beyond these traditional line of
defences and companies need to up the ante when it comes to their cybersecurity
technology too. Today, both public and private sectors should look to the next
generation of anti-virus (NGAV) and end-point security (NGES), which gives them
full visibility from the perimeters to drive their detection and response
strategies.
deployment of more than just anti-virus software and firewalls. Cybercriminals
have long advanced their methods of attacks beyond these traditional line of
defences and companies need to up the ante when it comes to their cybersecurity
technology too. Today, both public and private sectors should look to the next
generation of anti-virus (NGAV) and end-point security (NGES), which gives them
full visibility from the perimeters to drive their detection and response
strategies.
Finally, just like how companies conduct regular fire
drills to ensure that employees know how to respond appropriately to a fire
incident to minimise damage, the same theory can be applied to a cybersecurity
incident response plan. Employees at the IT frontline should be trained to
minimise and contain the initial signs of a cyber intrusion, preventing it from
escalating to a major breach.
drills to ensure that employees know how to respond appropriately to a fire
incident to minimise damage, the same theory can be applied to a cybersecurity
incident response plan. Employees at the IT frontline should be trained to
minimise and contain the initial signs of a cyber intrusion, preventing it from
escalating to a major breach.
Only with these preventive and risk minimisation
measures in place, then can cyber insurance truly bring value to your overall
cybersecurity management plan.
measures in place, then can cyber insurance truly bring value to your overall
cybersecurity management plan.
[1] TODAY, MAS working to beef up expertise on cyber risk insurance, 27 October 2016
[2] PricewaterhouseCoopers, Insurance 2020 & beyond: Reaping the
dividends of cyber resilience, 2016
dividends of cyber resilience, 2016
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!
