Managing Digital Risk with Cyber Insurance
Since there's no way to eliminate security risks, a panel of industry players at the RSA Conference say insuring against cyber attacks or network downtime is increasing in popularity.
''Cyber insurance will become as ubiquitous as automobile insurance,'' said Erin Kenneally with the San Diego Supercomputer Center. ''There's no such thing as complete security. It just doesn't exist... With automobile insurance and cyber insurance, both mitigate loss and damage.''
Digital losses generally are not covered under most corporate insurance policies, and that leaves companies open to suffering great financial damages with no safety net in place.
''If people filed a claim on their property insurance for an automobile accident, it would be denied,'' said Mark Silvestri with CNA Insurance. ''The same situation exists in the cyber world... There is coverage against employee theft, property and valuable paper, but cyber loss is not covered under those policies because it's not tangible. We needed something that filled in the gaps.''
But Navetta quickly pointed out to the conference audience that insurance is not a substitution for having strong, layered security in place.
''Insurance is not intended to replace technology,'' says Navetta. ''We are trying to weed out the companies that don't have the security in place that they need... If you don't have security, you're not getting insurance.''
Navetta said he wasn't in a position to say exactly what types of security technologies companies need to have, but did say that insurance agents put potential clients through a thorough interview, checking for policies and policy enforcement, along with an overall attitude toward security.
''At this point in the industry, we're getting a lot of submissions,'' notes Navetta. ''We're trying to get the good risks right off the bat, and as the industry grows, we'll try to get some others.''
He adds that as an increasing number of insurance companies get into the cyber arena, insurers will be forced to accept companies with more risk, and also will have to lower their prices.
Silvestri says they have been seeing a 'noticeable uptick' in cyber insurance business, and he expects that trend to only pick up.
''Now they realize hacking events aren't just nuisances,'' says Silvestri. ''Now they're worried about serious economic loss. And that will drive them to buy coverage.''