Cyber Insurance Can Bolster Digital Defences

Insurance can complement a considered cyber security strategy

Hacktivists and criminals are always seeking and discovering new ways to exploit vulnerabilities.

Although most organisations work hard to remain one step ahead of attackers, in truth we will never be able to prevent every potential attack. New threats are developing as fast as the technology to prevent them, in a worrying game of cat-and-mouse.

In light of these facts, two things are becoming clear to businesses of all types and sizes.

First, if you suffer a breach, it will cost you. According to the NTT Security '2017 Risk:Value report', an annual study of business decision-makers' attitudes to risk and the value of information security to global organisations, the average cost of recovering from a security breach for UK organisations is £1.1 million - above the global average of £1 million.

Second, you will suffer a breach. In fact, 63% of respondents in the Risk:Value report agree that a data breach is inevitable at some point. Interestingly, only 47% say preventing a security attack is a regular board agenda item, suggesting that more still needs to be done for the issue to be taken seriously at a boardroom level.

Estimates have put the global cost of online crime at more than $400 billion a year, and growing constantly. The range of threats is expanding and growing more complex, encompassing cloud technologies, applications, services, mobile devices, the Internet of Things and more.

Take it seriously

When responding to the increasing number, types and costs of addressing threats, businesses tend to follow a predictable pattern. Some deny the risk exists or question its validity. Others take token steps towards prevention that actually have zero effect on their risk exposure.

A third and growing group, however, take these threats seriously - and even after making an effort to increase their security and risk posture, consider purchasing cyber-insurance policies to offset any remaining exposure. In fact, the 2017 Risk:Value report reveals that 40% of global firms took policies out this year, with another 35% considering it.

Cyber insurance is designed to provide coverage for an organisation's liabilities - internal and external - in the event of a breach, but because this is still a new and developing market, both purchasers and underwriters face a range of new demands and problems.

"No insurance policy is a complete security solution, and it is certainly not a licence to be...