5 steps to protecting executives from a whale phishing attack
Browsing the hundreds of security predictions I received last month, most of what I saw was expected – thoughts about the future of ransomware, DDoS attacks, the security of the Internet of Things, and even artificial intelligence and machine learning. What surprised me was the number of cybersecurity insurance predictions. This is not a predictive topic that normally gets into my mailbox; in fact, it’s a topic that rarely comes up in my conversations with security experts. Hence, I noticed a prediction that mentioned cybersecurity insurance. And then I noticed it was mentioned several times and wondered why.
Cyber insurance is on the rise as more companies adopt plans and more underwriters expand their portfolios and increase their premiums, Jake Olcott, VP of Business Dev at BitSight, told me in an email. Okay, that makes sense. While I couldn’t find any related information on US companies and the adoption of cybersecurity insurance, I found that these types of insurance plans grew 50 percent in the UK between 2015 and 2016. According to Infosecurity Magazine, a CFC underwriting survey found:
23 percent said that the “fear factor” of a costly attack drove them to invest in insurance, even more (26 percent) named the European General Data Protection Regulation (GDPR) as a factor. . . . Over half (53 percent) of respondents said that electronic cybercrime is likely to lead to an increase in insurance claims, followed by “non-physical business interruption” (25 percent).
Rick Tracy, Chief Security Officer and Senior VP of Telos Corporation, told me that the problem with cybersecurity insurance is that there isn’t a lot of actuarial data that can help insurance carriers insure cyber risk, which means that the overall impact of cyber risk and the associated financial liability are critical to the insurance industry. Because of this, Tracy’s prediction said:
In the future, it will not only be important for insurance companies to better understand the risks of individual customers, but they will also need to see this data for their entire portfolio in order to understand the aggregated risk and ensure that it is not excessive.
Olcott said he believes that, in order to make cybersecurity insurance credible and justify its costs, companies and underwriters will use a big data analytics approach in 2017, adding:
Beyond the data, there is a new focus on what happens during the life of a business relationship. Underwriters will begin developing programs that promote better safety hygiene. Just as health insurers have developed non-smoking policies or offer discounts on gym memberships, cyber insurers reward companies for taking a more proactive approach to cybersecurity.
This idea corresponds with the forecast made by Emy Donavan, North American head of cyber at Allianz Global, who believes we will see cyber insurance policies that are tailored to specific industries, rather than a one-size-fits-all approach.
While I don’t expect much about cybersecurity insurance in the New Year, I think we’ll see new approaches to insurance coverage, especially as the threat of cyberattacks increases.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her reporting on security issues for IT Business Edge, her security articles have been published on various websites such as Forbes, Midsize Insider, and Tom’s Guide. You can reach Sue on Twitter: @sueporemba