Cyber insurance - a way for risk mitigation

Sanjeev Srinivasan Jan 29 2018, 0:02 IST

The recent spike in cybercrime across the globe has made it obvious that a breach is no longer a question of 'whether' but a question of 'when'.

The average cost to the organisation of these breaches is estimated to be close to $5 million. Multiple analyst reports place the average cost per breached record between $78 and $277. This cost is attributed to investigation and remediation activities, notifications to be sent to customers and other stakeholders, change in creditworthiness, reputation management, legal fees and settlements, and any regulatory fines arising from the breach. Add to this the intangible loss to brand value and the change in customer behavior in response to the breaches.

Organisations no longer have the luxury of imagining that they will not be targeted by malicious hackers. Remember that hacks need not target only the data an organisation holds: the compromised systems can also be used to launch an attack on third parties it interacts with. In such a scenario, the organisation may be held liable for the damage caused to those third parties. While a commitment to security is a must, it is impossible to make any system 100% foolproof. As such, it has become inevitable for organisations across industries and sizes to develop a good cyber risk management approach.

A sound cyber risk management plan will include increased cyber resilience through response and recovery, contingency planning and, as a last resort, mitigation and transfer of financial risk through cyber insurance.

The cyber insurance market is still nascent. Even in markets where take-up of commercial property and liability insurance approaches 100%, cyber insurance is purchased by anywhere between 20% and 35% of businesses, depending on the industry and size of the organisation.

The variation based on size and line of business indicates that the low adoption rate is because of a lack of awareness in the market.

An analysis of cyber-attacks over the last three years makes it clear that an organisation's defense is only as strong as the weakest vendor it interacts with. Hackers have launched attacks on Fortune 500 companies using credentials they got off vendors like air conditioning and food delivery companies. The substantial difference in procedures and protocols followed at large and small organisations forces the larger player to fall back on cyber insurance as a way to transfer the risk arising from the weak links it has little control over.

The very act of applying for cyber insurance incentivizes behavioral change in an organisation. The simple desire to get coverage at as low a premium as possible drives the organisation to conduct a gap analysis.

The very first ask from underwriters is that all significant activities are logged against individual users and, therefore, that logins to the system are secure. Additionally, they require organisations to have disciplined procedures for patching software and to put in place an incident response plan. They would also want to know if vendor networks are monitored regularly. Organisations would want to measure up to industry benchmarks like the NIST framework and ISO 27001, as that would result in a lower cost of insurance.

Further, once a policy is purchased, the insurer is invested in keeping the damage from any cyber-attack to a minimum. This results in an additional layer of security through the monitoring and rapid response services that insurers provide to their policyholders.

While correlated risks arising from software vulnerabilities (like "Heartbleed", discovered in 2014) and the scalability of sophisticated attacks used by hackers make risk assessment especially difficult, insurers have developed complex statistical models to facilitate evaluation of the potential consequences arising from different damage scenarios.

This allows the insured to work out the best contingency plans and ensure that critical services are up and running as early as possible in case of a breach, keeping consumer backlash to the minimum possible.

While cyber insurance cannot protect an organisation against reputation risk or replace strong security controls and information security programs, it does act as a last line of defense and mitigates most of the financial risks arising from a breach. Further, it also incentivizes cyber security discipline across the organisation.

(The author is the CEO and MD, Bharti AXA General Insurance)

Copyright 2017, The Printers (Mysore) Private Ltd., 75, M.G Road, Post Box 5331, Bengaluru - 560001