Beef up your information security before you go shopping for cyber insurance

Featured article by Jeremy Sutter, Independent Technology Writer

Insurance is all about risk management. Like with any policy, a cyber security insurance policy is cheaper if you never have to use it. Unfortunately, in recent years, there has been a big uptick in cyber security attacks. This is pushing the cost of this type of insurance up dramatically and causing many insurance companies to cap coverage at $100 million.

Although that cap is a problem for large companies, according to a study by NetDiligence, smaller organizations see the most exposure to cyber attacks. It is possible that this is merely due to there being a great many more small businesses than large ones. It is also possible that smaller businesses are less informed, have fewer resources to bring to bear to protect themselves, or have worse information security training than larger companies.

The cost of cyber security insurance varies from company to company. Some factors that impact the price quote include the type of business, the volume of data at risk (such as health records or credit card records) and the kind of information security in place at the organization.

Obviously, good security practices are a good place to invest some resources. It will both lower your risk and lower your insurance rates. The NetDiligence study also indicated that almost one third (32%) of data breaches were involved industry insiders. Additionally, more than two-thirds (67%) were unintentional and could be chalked up to employee errors. This means that
caused primarily by staff mistakes. Thus, more than one fifth (21.44%) of incidents could have been prevented with better staff training and in-house procedures.

With so many data breaches in the news, it should be no surprise that insurance rates are going up. For many organizations, it would make sense to invest more in establishing sound security protocols and improving employee training to try to both prevent an incident and bring cyber security insurance rates down.

You may think insurance is expensive, but lack of security is far more expensive. One report has estimated that a cyber attack on the American power gridcould cost up to $1 trillion. Such an incident would not only be crippling to the U.S. economy, it would radically alter the insurance industry similar to the aftereffect of Hurricane Andrew in Florida, which permanently altered the landscape for homeowners insurance.

The information age has already permanently altered the insurance industry. With the rise of business insurance quotes online and the advent of big data causing an upsurge in the use of OLAP reporting within the company, this is not your grandfather’s insurance or even your father’s. But those are predominantly positive changes, whereas a massive cyber attack upending the insurance industry would definitely be a negative impact.

Perhaps you can’t understand what that means. Let’s use a car insurance comparison to try to flesh this idea out and make sense of it in terms most people can understand: The average price of a new car is $33,560. There are currently 254.4 millionpassenger vehicles in the country. One trillion dollars’ worth of new cars would be 29,797,377.8 cars. That is 11.7 percent of all cars on the road today. That is more than one out of every nine cars.

So a $1 trillion dollar cyber attack would be kind of like if we had a catastrophic event that caused more than 1/9 of all cars in America today to simultaneously be totaled — assuming all of these cars had insurance that paid for a new replacement. Try to imagine the chaos that would cause. Not just the financial pain to the insurance industry, but the time lost from work as people go shop for new cars, try to get around without a car until they get their replacement car and so on.

It would be major economic dislocation. Granted, that probably is more dramatic than the report really suggests, because the report in question models it over a five-year time frame. It does not suggest a loss of that size happening all at once in one day. This example is just intended to help you understand the magnitude of such an event because a one trillion is a rather abstract number for most people.

Be wise. Start improving your information security practices at work today. It will not only help keep your insurance costs down, it will help protect your company and your customers from the kind of harm that insurance only defrays financially but never really fully makes up for.