Cyber Insurance: Worth the Investment?

With increased technological advances in cyber-attacks and data breaches, businesses and individual users have been looking at more options to mitigate the risks from these intrusions. These risks are typically not included or specifically defined in general commercial insurance policies. Recently, insurance companies have begun to offer cyber insurance products and services to provide coverage against losses such as data destruction, extortion, theft, hacking, and denial of services attacks. These policies allow for businesses to have a smooth funding mechanism in order to completely recover from attacks and losses without any need for assistance from the government.Cyber insurance intends to help solve a huge need for businesses vulnerable to cyber-attacks with valuable cyber assets; however, there is still room for many improvements to the products and services before they can provide near perfect protection. These improvements have been hindered due to many reasons. First, there are few sound technical solutions for mitigating these risks and it’s difficult to update these solutions with each new method of intrusion. It’s also difficult to measure and quantify the risks resulting from cyber intrusions, making it a challenge to develop solutions for businesses and individuals that attract different intentions for network attacks. Further, the users of a network sometimes take advantage of the positive security effects from insurances in which other users have invested, creating a free-riding problem with cyber insurance. Lastly, there is not enough reliable actuarial data, making it hard for insurance companies to compute premiums for buyers interested in protecting themselves and their businesses. With all of these problems resulting in the slow development of cyber insurances, the market for those products and services has had difficulty reaching maturity. Because of this, cyber insurance is not reliable enough to be the only product or service businesses and individuals purchase to mitigate risk. For the best protection, they are recommended to purchase both a risk assessment product, such as Pro-Assess, to make security changes in order to prevent intrusions, and attacks and cyber insurance to mitigate any risks that might result from those changes not being adequately effective.  

Photo: https://www.ullico.com/newsroom/bulletin-2015-3-8