Insights Into the Kind of Cyber Coverage Companies Want

February 18, 2016

P/C insurers have struggled to keep up with the fast-evolving and growing demand for cyber coverage. A new report gives the industry some clues about what their customers want.

Compiled by Security Current, an information company for CISOs, the roundup provides perspectives from 10 chief information security officers in multiple industries on the future of cyber insurance and how it serves their needs and solves potential problems.

A common theme: Cyber insurance has become a necessity, regardless of industry, but don’t forget the importance of a strong cybersecurity program to minimize the risk of an incident.

The CISOs told Security Current they see cyber insurance as a necessary and beneficial part of any company’s security and risk strategy, but they recommend closely evaluating the language in the policy to understand both what is covered and the conditions stipulated by the insurance companies.

Here are some highlights:

Principal Financial Group CISO Meg Anderson: “All parties should be sure there are clear guideposts for handling changes related to technology infrastructure—on premises, in the cloud or provided in other ways outside of your organization…In the case of a breach, the worst-case scenario would be to find out your insurance was voided due to a contractual issue related to a control change.”

Fairfax County CISO Michael Dent: “Cyber insurance, if procured correctly, can truly help offset the costs of a breach. What cyber insurance cannot do is repair the reputation of an entity once it is publicly announced a breach or successful hack occurred and records were exposed.”

Live Nation Entertainment CISO Jonathan Chow: “I think it’s necessary and smart for every company to have a policy with a reputable carrier; but the challenge the industry faces is the actuarial model that insurance companies rely on is not capable of predicting who or what is at risk…We’ve seen companies who have mature, robust, well-funded security programs be successfully breached. And there are obviously companies with minimum security programs that have no problems at all.”

Read the full article from Security Current here: “10 CISOs Say Cyber Insurance Is Growing and Evolving, but Adoption Comes with Caveats.”