What you should know about cyber insurance

Decades ago, a group of merchants created a concept of general average—which is when all parties in a maritime venture share in losses resulting from a sacrifice of cargo in an emergency. What this group fashioned in 1890 was a method for merchants to insure their shipped goods. Upon landing, merchants whose cargo landed safely were expected to contribute a portion to merchants whose goods had been lost at sea. With this, an early form of insurance was born. If we look at cybersecurity today, our information could be lost in a digital ocean we call the worldwide web. From a threat lens, the volume of attacks continues to rise as adversaries become more determined, persistent, and hostile with cyber attacks. Attackers will continue to: - Move faster and more efficiently, - Breach organisations with targeted campaigns, - Focus on consumers across social media, mobile, and connected platforms, and - Aim to take advantage of the emerging Internet of Things. The impact of a cyber attack to an organisation’s brand, reputation, and business operations can be catastrophic. Therefore, organisations need to plan proactively but prepare for the reactive, which includes insurance for goods, intellectual property (IP), and commerce—the assets sailing across the digital landscape. Welcome cyber insurance. Stressing on the importance of cyber insurance, Ajathashatru Verma, Director, CSS and SOC, India, Symantec says, “There are two key factors that attribute to the rapid adoption of cyber insurance, new regulations which obligate companies to respond to information breaches; and the increase of targeted attacks. Cyber criminals are becoming more determined and employing non-traditional vectors, to infiltrate an organisation either for espionage or simply for identity theft, payment fraud, and other financial crimes." Data breaches cause reputational harm and business interruptions, but most of all—they’re expensive. It’s no longer a matter of “if”, but more a matter of “when”, therefore relying on traditional IT defenses alone only creates a false sense of security; no organisation is immune from risk. Many are now turning to cyber insurance as another layer of protection, Verma explains further. Cyber insurance offers organisations protection to limit their risk, however, organisations should consider all coverage options carefully. “It’s not about checking off a box; it’s about finding a policy that protects the organisation’s brand, reputation, and operations if they are faced with a breach,” Verma warns. Listing down some steps that enterprises can take to safeguard themselves, Verma shares, “Symantec’s Internet Security Threat Report Vol.20 highlighted that 60 percent of targeted attacks were aimed at large enterprises in India. Organisations not only need to plan proactively but also prepare for reactive measures, among which a major step would be insurance for assets& intellectual property (IP). Cyber insurance is evolving as fast as technology. What is considered core coverage today was not available as little as three years ago, and enhancements to coverage are being negotiated in the marketplace every day as data breaches and cyber risks continue to evolve.”