Cyber Security Insurance

Data security is any organization's top concern. Organizations invest in securing their business applications, IT systems and underlying network to avoid data breaches and keep their own and their customers' data private and secure.
Organizations are also investing in insurance cover to protect themselves from cyber threats. Insurance companies have offered cyber insurance for some time now, and it has been used effectively to mitigate risk through transfer of risk. However, not many security professionals are aware of this, and they rarely offer it as a mitigating control to their customers.
Cyber security insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.
Cyber security insurance policies offered by leading insurance providers:
First Party Protection

  • Loss of Digital Assets Coverage
  • Non-Physical Business Interruption and Extra Expense
  • Cyber Extortion
  • Cyber Terrorism
  • Security Event Costs

Third Party Protection

  • Network Security and Privacy Liability
  • Employee Privacy Liability
  • Electronic Media Liability

Some organizations are not willing to opt for insurance policies because of their high cost, the unclear scope of coverage, and the assumption that their organization will not be a victim of such attacks.
With the increasing expense of dealing with cyber security breaches, cyber security insurance is an easy option; this is similar to how other operational risks such as fire, theft, flood etc. are handled. A cyber security policy ensures cyber risks are addressed, but we need to realize that cyber security insurance will only protect us financially; it will not protect us from the reputation loss caused by a security breach.

There is 1 Comment

Although it is of immense importance to take the insurance cover against the cyber risks, it may not be adequate risk mitigation unless the cover is tailor-made for the business. I am not sure what kind of policies are issued currently. Are these similar to traditional policies like Professional Indemnity, Commercial General Liabilities? As cyber risks are different than the other risks, traditional policies may not suffice.