We talk a lot about how businesses should be prepared for data breaches. No matter how well protected your company is, sooner or later someone will succeed in penetrating your network. At that point, it’s all about your company’s detection and response capabilities. It helps to have a trusted cyber security partner to help see you through this critical period of mitigation, investigation and recovery.
But there’s one other way businesses can be prepared, and that’s with cyber insurance. Various reports assign different numbers to the cost of a data breach, but no matter which one you believe, the losses are high and can be difficult to recover from. Cyber incidents rank as the third highest global business risk, according to Allianz, and cybercrime costs the global economy $445 billion per year.
It’s no surprise, then, that cyber insurance has been receiving a growing interest from business. Highly publicized ransomware attacks and breaches of sensitive data have propelled this interest. Companies are looking to protect themselves from the financial, legal and reputational damages a breach can inflict. Cyber insurance helps cover costs like forensic investigations, crisis management, legal fees, and settlements.
Growth of the cyber insurance market is well underway in the US, where it’s been driven by the breach disclosure laws in force in most states. The European market is comparatively younger. It’s expected to expand, however, as the approaching EU General Data Protection Regulation drives companies to consider transferring their risk by way of insurance. PwC predicts that the global cyber insurance market will grow to $5 billion in annual premiums by 2018, and $7.5 billion by 2020.
Jani Kallio, Director, Risk & Security Management Consulting at F-Secure, says insurance is a recommended part of an organization’s overall cyber security strategy. “F-Secure’s Cyber Security Services teams work with companies on many levels to help improve their security posture, and in our work, we see that the eventual breach is inevitable,” he says . “Companies should do their best to defend their networks, and they should also have insurance to handle the consequences of any mishap.”
One of the key advantages of cyber insurance is the post-incident response services that many insurers provide their customers. Preferred response professionals provide expertise to help companies through the crisis – and hiring your own vendors can be considerably more expensive than using those provided by the insurer. F-Secure’s own cyber security experts provide such services in cooperation with Finnish insurance company LocalTapiola. F-Secure provides post-incident forensic investigation services to affected companies, as well as damage control and recovery services.
Cyber insurance is no substitute for good security. But with a good cyber insurance plan, a company can minimize the disturbance a cyber attack causes, and get back to business quicker.
Image: Getty Images