Last month, former Secretary of Homeland Security Michael Chertoff said the most significant threat we face as a nation is cybersecurity. That’s a pretty jarring statement given the threats our country faces in terms of terrorism and war, for instance. But the reality is, cyber networks have become the gateway for risks both on the global terrorism front as well as within our internal circles at our places of business.
With watchful eyes geared towards security threats, interest in cybersecurity insurance continues to rise. The Department of Homeland Security and the Department of Commerce have identified cybersecurity insurance as a viable opportunity to thwart the effects of security breaches and attacks by:
- Promoting widespread adoption of preventative measures;
- Encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection; and
- Limiting the losses that companies face following a cyber-attack.
Cybersecurity insurance can cover risks including data breach or loss, network damage, and cyber extortion, though less tangible damages such as client losses or reputational damages may be more difficult to find coverage for.
The cybersecurity industry, particularly the insurance companies themselves, are working diligently to address increasing concerns and identify potential risks so as to properly protect businesses in the future. Insurance companies, for example, have a naturally vested interest in promoting greater security to minimize risks, as they will, in the end, be required to pay out cyber losses to any affected parties. Therefore, according to Bloomberg Law, “an insurer can require a policyholder to establish that it has adopted certain precautions and practices before the insurer will issue coverage. The [Internet Security Alliance] asserts such requirements may eventually become de facto standards that are tailored to fit the needs of diverse businesses.” Insurance companies may also exercise the benefit of offering lower premiums to firms already employing cybersecurity best practices.
What is the future of cybersecurity insurance?
It’s hard to say at this point, as the industry continues to evolve at a rapid pace. With security risks of a diverse nature, it will take time for the proper authorities, including Homeland Security and the Internet Security Alliance – as well as the insurance providers – to work together in identifying a list of comprehensive cyber risks and encouraging effective precautions and best practices. We’ll be keeping our eyes and ears open to any developments on this in the near future.
For more information on cybersecurity, check out these interesting reads:
- Cyber Security is Changing: How to Build a Secure Hedge Fund
- Hedge Fund Cybersecurity: Preparing Your Firm For an Intrusion
- Best Practices for Managing Security Risks (Webinar Recap)
Bloomberg Law, Cybersecurity: Moving Toward a Standard of Care for the Board,” http://about.bloomberglaw.com/practitioner-contributions/cybersecurity-moving-toward-a-standard-of-care-for-the-board/
Department of Homeland Security, http://www.dhs.gov/publication/cybersecurity-insurance