Cyber insurance could be limiting security

Cyber insurance could be limiting security

Cyber insurance could be limiting security Over reliance on cyber insurance could lead to security breaches thanks to a distorted focus, a leading cyber expert has said.

Principal security analyst at global cyber security firm Websense, Carl Leonard, said that when company’s shift their focus to insurance rather than mitigation, they leave themselves open to attack.

"The focus really needs to be on making sure that you have the best [security posture] possible, so that you can work dynamically, embrace new technologies and work in a fast-paced environment, rather than simply focusing on cyber insurance,” Leonard told

"Insurance is not going to solve the underlying root problem of being able to understand what threats you are faced with and how best to mitigate those."

Leonard stressed that companies will soon have to prove that they have exhausted all mitigation options as cyber insurance develops as claims will be paid according to stricter guidelines.

"It might be that when we go into the cyber insurance details that they want some sort of proof that a business has taken the necessary steps for their payout to be valid," Leonard said.

"We can draw parallels with other industries, and we have seen that claims in the healthcare sector are already being disputed, so I think we're going to get to the point where it's up to businesses to show that they have necessary steps to show they have done all they can to mitigate risk.”
  • Robert Cooper 29/06/2015 12:46:26 PM
    I have heard this kind of argument before on other classes of insurance. "People do not care about security because they have Burglary cover" or "people do not care about making mistakes if they have Professional Indemnity cover". Most people know that making a claim takes up a number of hours that are not claimable, and excess to pay that is their portion and brand reputation that can affect future sales.
    Most people treat Insurance as a back up for when managing the risk prudently ends up failing. Cyber Risk cover we expect will be treated the same.
    Post a reply