The difficulties of securing appropriate cyber coverage are escalating, especially in light of the recent cyber-attacks that hit large companies and firms such as Target and Sony.
Insurance firms are afraid of the large losses related to cyber-attacks, said vArmour chief cybersecurity strategist Mark Weatherford during an RSA conference. Some insurers have even excluded cyber losses from their list of covered risks under general business policies. Others have resorted to creating standalone cyber insurance specialty products.
It is because of that fear, Weatherford argued, that insurers can get picky when it comes to choosing which clients can be covered by cyber insurance. Even then, some insurers limit the amounts their policyholders can recover after they have been attacked.
While insurance underwriters are currently wary of the risks involved covering for cyber-attacks, it could be an opportunity for the larger cybersecurity industry to capitalize on, Weatherford said. He went on to describe cyber insurance as an avenue for companies to “offload some of their cyber risk,” but warned that companies will need both cyber insurance and adequate cybersecurity measures.
Insurers that sell cyber policies want to know what security measures their clients have in place before they set rates, Weatherford continued. “Very few people are able to buy as much insurance as they want.”
Weatherford then suggests that businesses that want to secure cyber insurance without issue should have their own cybersecurity system in place, in order to raise insurer confidence. Protective measures can also potentially help businesses qualify for lower premiums, he added.
