Balancing the Sharing of Information

CyberSecurity Journal

Subscribe to CyberSecurity Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get CyberSecurity Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Security Authors: Shelly Palmer, Slavik Markovich, Elizabeth White, Greg Ness, Liz McMillan

Related Topics: Cloud Computing, Security Journal, CyberSecurity Journal

Blog Post

Cyber Insurance: No Longer a Want, But a Need | @CloudExpo #Cloud

Companies need to make sure they have the best technology in place to protect their information

Cyber insurance is an important element for companies as it covers the damage and liability caused by a hack, which are usually excluded from traditional liability coverage.  Stricter data privacy notification laws, government incentives, cloud adoption and the increase in high-profile hacks and data breaches have all contributed to the significant increase in the number of companies offering and buying cyber insurance.

Twitter-Seat-belt-image

All companies face varying levels of risk, which warrants the need for a cyber insurance policy.  You can look at two candidates for such a policy: first, companies that store data from external sources like retailers, healthcare companies and financial services firms; and secondly, any company that stores employee data.  Customer information, such as payment details and addresses are gold to hackers.  Obviously, companies that store internal and external data should seriously consider a policy as they have the most to lose. However, according to PWC's June 2014 Managing cyber risks with insurance report, risks can often come from within - which puts both external and internal data at huge risk.  According to the report, "a systemic cyber risk can stem from internal enterprise vulnerabilities and lack of controls, but it can also emanate from upstream infrastructure, disruptive technology, supply-chain providers, trusted partners, outsourcing contractors, and external sources such as hacktivist attacks or geopolitical actors."

In 2014, cyber-attacks and cybercrime against large companies rose 40 percent globally, according to Symantec's annual Internet Security Threat report.  Unfortunately, for many organisations across the US and UK, the complexity in finding a suitable cyber insurance policy, coupled with the underwriting process can be daunting and considered too much hassle. What executives are not aware of is that purchasing cyber insurance is affordable and ultimately a good exercise that provides the opportunity for them to take a closer look at their internal technology and security policies - ensuring they are up to snuff for underwriters. This is why a strong cybersecurity measures such as two-factor authentication need to be considered as a security measure for all businesses.

Companies need to make sure they have the best technology in place to protect their information, before implementing a cyber insurance policy. Without the right protection in place, companies will find it incredibly difficult to procure an affordable insurance policy and could potentially lose millions if they suffer a data breach. This is significant to any business when you consider that the total cost of a breach is now 43.8 million, up 23 percent since 2013, according to Ponemon's 2015 Cost of a Data Breach Study.

Selecting the right policy is not as hard, nor as expensive, as some may think. Yet, when it comes to cyber insurance, not having a strong security system in place is the equivalent of admitting that you left the front door open when your house was robbed. The right systems need to be in place before CIOs, CFOs and risk managers can make such an important purchase. Security acts as the vaccination, while insurance is a cure should the worst happen.

More Stories By Steve Watts

Steve Watts is co-founder of SecurEnvoy. He brings 25 years’ of industry experience to his role at the helm of Sales & Marketing for SecurEnvoy. He founded the company with Andrew Kemshall in 2003 and still works tirelessly to grow the company in new and established markets. His particular value is market and partner strategy; having assisted in the development and design of the products, designed the pricing strategy and recurring revenue model that has been so key to the businesses growth and success.

Before starting SecurEnvoy, Steve was responsible for setting up nonstop IT, the UK’s first IT security reseller in 1994. Prior to setting out on his own, Steve worked as Sales Director at the networking and IT division of Comtec, and had started his career in office solution sales in 1986.

Outside of work, Steve is a keen rugby fan. He also enjoys sailing, mountain biking, golf and skiing