Cyber security insurance grows in popularity
It's possible to insure against most things these days, but cyber security insurance is a relatively new field and findings by NSS Labs show that it's becoming more popular. The report rounds up a number of recent surveys which put cyber insurance adoption at around one third of large US businesses.
NSS Labs cites a recent Ponemon Institute survey of US risk management professionals which shows that respondents now see the need to guard against cyber security problems as comparable to other risks like fire and natural disasters. The same survey also looked at who makes the purchasing decisions on cyber insurance and found that it’s more likely to be risk management teams that influence the decision rather than IT security staff. When it comes to determining the required level of cover, most respondents used formal risk assessments carried out by their insurer.
As a result of this increased interest, insurance providers are getting involved in the creation of the NIST cyber security framework. This is raising their profile in the information security field and the White House hopes it will encourage a competitive cyber insurance market. Proposed reform of IT security laws in the EU is also expected to boost the adoption of cyber security insurance in Europe.
NSS Labs concludes that companies should not only view cyber insurance as a key part of their overall risk strategy, but should also make more use of their IT security teams when selecting insurance and establishing risk profiles. It also suggests that insurers need to take more time to understand the difference between security products and the differences in protection possible when using specific products.
Andrew Braunberg, Research Director of NSS Labs, says, "More transparency regarding cyber risk and cyber attacks is expected to drive greater adoption of cyber insurance as a means of demonstrating better corporate risk management. It is becoming a mainstream assumption that insurance carriers can help organizations with cyber risk management, both in the traditional risk transfer sense and in the broader sense that they can act as neutral arbiters of cyber security best practices. This is readily demonstrated in the recent push by the White House to promote greater insurance carrier participation in the National Institute of Standards and Technology (NIST) effort to create a cyber security best practices framework for critical infrastructure providers".
The full report is available as a PDF on the NSS Labs website.