Cyber Insurance Will Reshape Cyber Security

Uploaded on 2019-10-28 in FREE TO VIEW, BUSINESS-Services-Financial

Cyber security is broken as there is virtually no company that isn’t a potential target. From mom-and-pop storefronts to Fortune 500 companies, no business is immune to cyber risk. Even with the best possible cybersecurity posture, there is always a threat of a breach.
 
There are several factors driving the rise in cyber threats. They break down into a few core categories:  more areas of exposure, difficulty in law enforcement and more creative hackers.
 
Increased exposure. There is a lot of code out there, code that can be exploited for cyber-attacks. The sheer volume grows constantly as software companies write more lines of code for each solution. Further, there are more and more software offerings being implemented by all sizes of companies. In short, more software solutions with more lines of code for each. This presents many more opportunities for exploitation. Legacy code presents its own problem, as older code is hard to check adequately.
 
Hackers are hard to identify, harder to catch. Hackers don’t necessarily “phish where they live.” They often prefer to hack across borders, making it difficult to coordinate law enforcement efforts. Sophisticated hackers often work in groups, making traceability and accountability nearly impossible.
 
Hacking innovation. Since cybersecurity technologies adapt to threats after the fact, hackers improve their hacking techniques to be successful. Due to the cycle of hack-solution-new hack, cybersecurity providers primarily react to new attacks; they can’t predict them. Growing hacking opportunities, a lack of accountability and large financial rewards give hackers plenty of incentive to keep innovating their methods while more and more hackers join their ranks.
 
How it Affects the Market
 
There are two outcomes cropping out of this new era of cyber threats that affect businesses.
  • One is the inability of cybersecurity providers to guarantee the effectiveness of a cyber solution, or combination of products, to thwart a breach. 
  • Second, it is impossible to accurately quantify the cost/benefit of a cyber strategy since the likelihood and potential severity of cyber breaches is unknown.
Since the beginning of insurance, the industry has always sought ways to reduce risk, including incentivising clients to take preventative measures. Yet businesses need some form of cyber protection. How, then, can they determine an appropriate cyber budget and allocation plan, given the inherent uncertainties they face?
 
The solution: Cyber Insurance
The insurance industry is best poised to solve the cyber-security problem. There are three reasons: motivation, data and leverage.
 
Motivation. Cyber insurance carriers have the same end goal as the insured: not to get breached. The insured doesn’t want to experience a breach, and the carrier doesn’t want to pay out. The risk exposure for insurers is amplified, as risk understanding is less developed compared to more mature lines of insurance such as life, homeowners and auto.
When cyber-attacks are thwarted, it’s a “win-win” for both parties.
 
Data.Carriers have a lot of it, and they are only going to accumulate more. Large-scale breaches and widespread viruses make headlines, driving businesses of all sizes to demand cyber coverage. As the cyber insurance market grows, carriers will amass more data.
 
More than just volume, insurers are in the unique position of collecting proprietary information not accessible to other companies. Specifically, insurance providers collect four categories of data that can be analyzed for the purpose of minimising cyber threats.
  • Actual losses. Using accumulated claims data, carriers can identify the type and severity of breaches, and associate them with actual losses. Claims reports and breach investigations allow carriers to better understand the root causes of how an attack occurred and how to minimize future similar attacks.
  • Technology solutions and practices. Insurers know what technology products clients use by company and solution. Additionally, an increasing number of carriers are using technical solutions to assess the risk level of their insureds. This allows for deep analysis of which practices and solutions actually minimise losses, which don’t, and in which cases.
  • Company demographics. Cyber carriers know industry, company size, revenue and much more about their client base.
  • Company details. Carriers are in a unique position where they can require an applicant to provide additional qualitative and quantitative data to better understand the insured’s risk, including the type of data they store, their organisational processes and even governance. 
Some examples are number of credit card records housed, assessment of their incidence response plans to the type of regulations they follow. As carriers learn what information best drives ROI, they can adapt their questions to best serve their predictive models. These datasets help develop risk models that can better predict the likelihood of an attack, potential damage and the preventative steps necessary to minimise threats.
 
Leverage
 
Leveraging the above, cyber insurance can reshape cybersecurity. Once insurance carriers can understand and model cyber risk, they can drive adoption of best practices via financial incentives to the insureds. In time, cyber-security vendors will be measured on their ability to minimise cyber breaches, incentivising them to improve their offering. There is nothing new here. Since the beginning of insurance, the industry has always sought ways to reduce risk, including incentivizing clients to take preventative measures.
 
The US' first insurance company, The Philadelphia Contributionship  was founded in 1752 by none other than Benjamin Franklin, offering fire insurance in the city of Philadelphia. Before accepting a potential client, Franklin’s company would send a team of surveyors to inspect the property to assess risk of fire and set rates accordingly. As fire insurance evolved, several drivers helped reduce premiums and lower losses, including industry regulation, improved building standards, the creation of paid fire departments and financial incentives given to the customer based on taking recommended preventive actions. 
 
Take a more recent example: modern homeowners insurance. All other factors being equal, a homeowner who installs an alarm system and smoke detectors will see a lower premium than one who doesn’t.
 
Similarly, if cyber policyholders show they’ve adapted suggested actions, they will not only enjoy a maximised cyber posture but also savings on premiums. These actions will create demand for cyber products that adhere to insurance standards.
 
Cyber insurance carriers, armed with the best understanding and motivations, will spur businesses to take actions that allow for better cyber planning and budgeting, improved ability to withstand attacks, more accurate premiums on policies, and ultimately a stronger cybersecurity ecosystem. Cyber-security may be broken, but cyber insurance can help fix it.
 
Insurance Journal:       Carrier Management
 
You Might Also Read:
 
Effective Cybersecurity Requires Both Cyber Training & Insurance Cover:
 
« British Government Funds Chip Maker To Build Cyber Resilience
The Next Industrial Revolution »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

VisionWare

VisionWare

VisionWare provide consulting services and solutions in areas covering both physical and digital security.

Crypta Labs

Crypta Labs

Crypta Labs is an Award Winning IOT Security startup that is developing a quantum-based encryption chip to secure the Internet of Things.

Basis Technology

Basis Technology

Basis Technology provides software solutions for text analytics, information retrieval, digital forensics, and identity resolution.

Conference Index

Conference Index

Conference Index provides an indexed listing of upcoming meetings, seminars, congresses, workshops, summits and symposiums across a wide range of subjects including Cybersecurity.

Evolution Equity Partners

Evolution Equity Partners

Evolution Equity Partners is an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies.

Prosperoware

Prosperoware

Prosperoware develop software for cybersecurity, privacy, and regulatory compliance for content systems, and financial matter management.

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

SecureTech360

SecureTech360

SecureTech360 is a cybersecurity and IT consulting firm whose principals have extensive experience in Cybersecurity and Information Technology.

SEMNet

SEMNet

SEMNet is an IT solutions provider and an infrastructure and security consulting firm.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

iSPIRAL IT Solutions

iSPIRAL IT Solutions

iSPIRAL is a leading regulatory technology software provider delivering state-of-art AML, KYC, Risk and Compliance solutions.

Wadilona Cyber Securities

Wadilona Cyber Securities

Wadilona Cyber Securities' sole aim is to bring and secure Information and Communications Technology (ICT) to and work for humans in its simplest terms.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Axient

Axient

Axient advances defense and civilian missions from aerospace to cyberspace with multi-domain test and analysis, mission engineering and operations, and advanced technologies.

Nukke

Nukke

Nukke offers advanced cybersecurity software and tailored solutions for your business.