Cyber insurance for enterprises: Deloitte

Article Synopsis :

The growing number of cyber attacks experienced against organisations has rendered cyber insurance an imperative, according to this Deloitte paper.

Cyber insurance is an imperative

Benefits are not only short term (cover for the short term risks), but in the long run, it ensures sustainability in a volatile business environment.

Cyber insurance can cover losses associated with data breaches, compromised confidential information, and even business disruption. The complexity of the cover will depend on the nature, complexity, and maturity of the business concerned.

Good cyber coverage coupled with an active security programme can provide coverage across:

• liability for loss or breach of data;
• business disruptions due to cyber incidents;
• remediation costs in response to a breach, ie forensic investigation, notification of affected parties, etc; and
• regulatory fines, penalties, and associated settlement costs.

Despite the growing need for cyber insurance, there are six key obstacles to large scale participation in this insurance market:

• A lack of understanding: Limited clarity on types of cyber risks covered under cyber insurance and amount of coverage required along with associated premiums.
• Security controls versus cyber-insurance: Buyers are unsure of cost-benefit analysis of mitigating or transferring cyber risks to an insurer.
• Existing cyber insurance policies lack standardisation: Lack of understanding over how much exposure is actually covered. Description of coverage terms, conditions, and exclusions are not standardised in cyber insurance policies. Different providers have varied features that make value and price comparisons a challenge.
• Claims litigation uncertainties: Buyers fear claim litigation uncertainties that arise from differences over which policy applies, or whether policy language indicates coverage. This leads to difficult claims management and settlement of disputes.
• Lack of relevant artefacts or references: Cyber-coverage claims and disputes have not reached critical mass and there is a lack of references that leave buyers uncertain over success ratio of the claims settlement process.
• Wide range of coverage: The buying process can be complicated, buyers must assess coverage needs and match policies with exposures while comparing alternatives. This introduces uncertainty over coverage required against what the organisation may already have in place.

The answer is not simple, says Deloitte, but there are five things organisations should do before selecting a cyber-insurance policy. They are:

• understand your organisation’s risk exposure;
• understand policy complexities;
• balance the cost of premium and implementation of security controls;
• understand the claims process up front, and
• implement a robust incident management process.

Link to Full Article:: click here

Link to Source:: click here