In an increasingly digital economy, the value of data is undeniable. But are cyber insurance premiums, which promise to pay out in the event of data loss, a viable solution to the problem?
According to the blog ITPro, 2018 is going to be the year of data insurance. Pointing to the growing number of data breaches that occur each year around the world, it concludes that the demand for cyber insurance will significantly increase in 2018. At the moment, it claims “only 19% of UK companies are covered for losses associated with cyber security breaches and data theft”.
ITPro also acknowledges a reluctance among insurers to dip their toes in this particular sector. And businesses have so far been turning away from the insurance products already available, thanks to restrictive policies that don’t offer value for money.
What’s changed, then, that would boost uptake of cyber insurance?
Cyber Insurance Gets A Second Wind
The number of businesses hit by cyber attacks and data loss is huge. 46% of small businesses suffered at least one security breach last year, with that number rising to 66% for medium-sized firms and 68% for large ones.
In response to this threat, cyber security spending has increased, and no doubt initiatives like the government-run Cyber Essentials scheme are helping to raise awareness. This equips businesses with basic security knowledge, and checks them against a range of relevant criteria. It is, however, entirely optional.
Legislation, though, does have a part to play. The introduction of General Data Protection (GDPR) has brought the issue of cyber security sharply into focus. As part of these new rules, businesses and organisations of all sizes now have a legal obligation to protect the data they hold about EU citizens, so lax security is less of an option than it once was.
Bearing these factors in mind, it’s easy to see why insurers might be tempted to the burgeoning cyber security market. The problem of rising cyber crime, though, remains. Even if businesses are becoming more switched on to security, surely this is outweighed by the risks?
Cyber Insurance Made To Measure
For those who provide coverage, insurance is always going to be a gamble. But insurance companies are experts at playing the odds; they know just how much to charge to make their risks acceptable, and they seem to possess limitless inventiveness when it comes to wriggling out of making payments.
Any company wanting to claim on their cyber insurance would probably have to meet certain requirements – just as a homeowner would when trying to claim on their contents insurance. In this analogy, a policy holder would struggle to get a payout if it were proven that all their windows and doors were unlocked when a burglary occurred. Similarly, if you let criminals essentially ‘walk’ into your network and access your data, that might be enough to void your insurance.
Another way insurers could make this market viable would be to simply increase the price of premiums, providing a greater level of cover but at a much higher price.
To Insure Or Not To Insure
Is cyber insurance worth it? It depends. For a start, how do you place monetary value on data? If you were to lose contracts and invoices as the result of a data breach, the financial impact could be enough to put you out of business. Your insurance might pay out, but will their figure be enough to keep you afloat? If it’s anything like the payouts you get when you write off a car, you’ll possibly find yourself disappointed and placed firmly on the back foot.
On the other hand, many policies protect against ransomware. If you suffer such an attack, these insurers will pay the ransom for you, so you can (hopefully) regain access to your files. If the cost isn’t unreasonable, this kind of insurance could be a worthwhile investment.
In principle, the idea of insurance makes sense, but it’s really a matter of balancing the cost against the risk, and looking for policies that aren’t too restrictive. And if ITPro is right in its assessment, you could have a much wider range of insurers to choose from this year.
An Industry In Meltdown?
One major fly in the ointment, however, is the Meltdown and Spectre bugs that were discovered last week – long after ITPro made its prediction about insurance. Patches are actively being released or worked on to protect against these computer processor flaws, but those aren’t expected to be exhaustive solutions.
With such serious security weaknesses potentially hanging around for years to come, it’s possible that insurers could be scared away or that premiums could rise.
Whatever happens, it’s clear that cyber security is at the heart of all this. If you want insurance, and you don’t want it to cost an arm and a leg, you need good cyber security. If you don’t have or want insurance, then you need to pay even more attention to your security.
Either way, much of the responsibility ultimately rests on the shoulders of businesses.