Managing Digital Risk with Cyber Insurance

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
SAN FRANCISCO -- Since there's no way to completely eliminate securityrisks, a panel of industry players here at the RSA Conference saidinsuring against cyber attack or network downtime is the course that agrowing number of companies are taking.

''Cyber insurance will become as ubiquitous as automobile insurance,''said Erin Kenneally with the San Diego Supercomputer Center. ''There's nosuch thing as complete security. It just doesn't exist... With automobileinsurance and cyber insurance, both mitigate loss and damage.''

Digital losses generally are not covered under most corporate insurancepolicies, and that leaves companies open to suffering great financialdamages with no safety net in place.

''If people filed a claim on their property insurance for an automobileaccident, it would be denied,'' said Mark Silvestri with CNA Insurance.''The same situation exists in the cyber world... There is coverageagainst employee theft, property and valuable paper, but cyber loss isnot covered under those policies because it's not tangible. We neededsomething that filled in the gaps.''

David Navetta with AIG Insurance says cyber insurance policies range fromInformation Asset Coverage to Electronic Theft and Cyber Extortioncoverage.

But Navetta quickly pointed out to the conference audience that insuranceis not a substitution for having strong, layered security in place.

''Insurance is not intended to replace technology,'' says Navetta. ''Weare trying to weed out the companies that don't have the security inplace that they need... If you don't have security, you're not gettinginsurance.''

Navetta said he wasn't in a position to say exactly what types ofsecurity technologies companies need to have, but did say that insuranceagents put potential clients through a thorough interview, checking forpolicies and policy enforcement, along with an overall attitude towardsecurity.

''At this point in the industry, we're getting a lot of submissions,''notes Navetta. ''We're trying to get the good risks right off the bat,and as the industry grows, we'll try to get some others.''

He adds that as an increasing number of insurance companies get into thecyber arena, insurers will be forced to accept companies with more risk,and also will have to lower their prices.

Silvestri says they have been seeing a 'noticeable uptick' in cyberinsurance business, and he expects that trend to only pick up.

''Now they realize hacking events aren't just nuisances,'' saysSilvestri. ''Now they're worried about serious economic loss. And thatwill drive them to buy coverage.''