Cyber attacks have shifted from a 'what if' to a 'when'. In turn, businesses are doing what they can to mitigate the risks of an attack more intensely now than ever. However, even the shiniest, flashiest solutions can't guarantee complete safety.
With that slightly miserable thought, businesses must have protection in place in the event of an attack. While the technical solutions will tick over as best as they can, organisations must also consider investing in cyber insurance as a means for damage control.
The current state of cyber insurance
Cyber insurance is not as ubiquitous across businesses as one might think. In August, the Association of British Insurers found that uptake of cyber insurance was particularly low. More specifically, it found that up to 89% of companies at that time could be without cover.
Across the pond, Statista found in September that, in the US, there is an evident coverage gap as over half of the respondents had not discussed cyber insurance with their insurance broker.
These findings are quite surprising given the shift in attitudes towards cybersecurity. What once was only a priority for IT and security teams is now shared across the entire organisation. Lack of cyber insurance awareness could be partly responsible, as cybersecurity awareness itself is still very new.
Other reasons why a business may not have cyber insurance include concerns about the costs associated with it, or a feeling that its business profile does not necessitate it. However, these companies perhaps aren't realising the damage that cyber attacks have the potential to cause. To return to the cost concerns, the financial damage in the aftermath of an attack will be significantly worse than the initial investment in insurance.
Then, of course, there is the risk of reputational damage. This is especially relevant to companies who don't have insurance because they think their security is handled well internally. That may be the case, but you won't be able to take such pride if your company suffers a data breach.
Ignorance versus insurance
Cyber insurance covers a number of areas, including cyber extortion cover, privacy breach costs, hacker damage, and more. However, different insurers offer different policies and services that can help businesses meet their unique needs. This can include risk assessments and contingency plans.
Overall, organisations can reap great value from cyber insurance. However, it hasn't quite 'caught on' in the way the cybersecurity industry would hope. Again though, the key factor in this is awareness, or the lack of it. It must be; if businesses actually knew the level of damage an attack could cause, as well as the likelihood of one, the stats may not appear as they do.
Furthermore, while cybersecurity awareness is one thing, cyber insurance awareness is another. When we discuss cybersecurity solutions, insurance just isn't on people's radar. Instead, people like solutions they can see work or measure, leaving insurance as an afterthought.
However, the conversation surrounding cyber insurance is brewing and growing, and reports do show an increase in uptake annually. We must be getting somewhere.