Even the best firms “aren’t bulletproof” against cyberattacks

It’s not just preventing the incident – it’s managing the incident should it occur, says one executive

Amid the rise of high-profile and far-reaching cyberattacks over the past few years, more firms are looking towards securing cyber insurance. Roughly 32% of firms purchased some form of cyber liability and/or data breach coverage over the six months ending May this year, compared to 29% in the period ending October 2016, according to a survey by the Council of Insurance Agents and Brokers (CIAB).

“I think more companies are understanding the value proposition… the necessity of cyber insurance, but there are still some companies, some larger organizations that don’t buy for one reason or another,” said Travelers Business Insurance vice president Tim Francis in an interview with Information Security Media Group. He is also the firm’s enterprise lead for cyber insurance.

Among other things, he said that some firms may not be aware that the coverage is available or what it does. Some may also be confused about which product is appropriate for their specific needs.

Francis said there is also the mindset that a firm's funds are better used for shoring up its cyber infrastructure. “Over the years we’ve seen, rightfully so, the understanding that security isn’t just an IT issue, but also an HR issue,” Francis said. “But sometimes those potential investments that could be made are made in prevention and with a little bit of hesitance to admit that even the best organizations aren’t bulletproof and therefore looking for a risk transfer solution.”

“I think that’s changing a little bit but I think there’s this mindset of ‘let’s spend every ounce of energy and every resource on prevention and less on understanding that… some events are destined to take place despite adequate prevention,’” he added.

Francis said chief information security officers (CISOs) should have good lines of communication and a seat at the table with the rest of the C-suite to discuss the availability of cyber insurance and its value proposition. That dialogue should weigh risk prevention on one hand against the magnitude of the event, should it occur, on the other. “It’s not just preventing the incident – it’s managing the incident should it occur,” he explained.

“Products are available for any number of organizations virtually of any size in any industry, and they can be specifically tailored in terms of the limits available and the coverage options available,” he added.

