Cyber liability insurance: Leveraging an old concept for modern challenges
Despite modern security challenges, there are modern solutions emerging to help customers navigate security risks, reduce risk for enterprises, generate better security hygiene, and perhaps even foster stronger standard bodies. One solution is taking an old concept, insurance, and modifying it for the data age.
Insurance is a concept that has existed since the Babylonians built the hanging gardens, and likely in some form before that. Insurance generally exists in a love-hate relationship with those that are covered. However, it is often deemed essential (or made essential through law) to cover the many what-ifs of life.
We discussed in the prior section several ongoing security challenges related to liability and business risks that are causing customers to reconsider pursuing digital transformation. However, what if customers’ digital footprints were insured? What if damages from a breach were paid through an insurance company, or if an expert recovery team was funded through a policy that would be dispatched as soon as there was an incident? And what if such a policy included damage control and positive marketing services following a breach? This would make customers much more comfortable by mitigating part of the risk associated with taking the technological leap toward digital transformation.
This is not an “aha” moment. Cyber liability insurance already exists on the market. It is defined by the International Risk Management Institute Inc. as:
A type of insurance designed to cover consumers of technology services or products. More specifically, the policies are intended to cover a variety of both liability and property losses that may result when a business engages in various electronic activities, such as selling on the Internet or collecting data within its internal electronic network.
Most notably, but not exclusively, cyber and privacy policies cover a business’ liability for a data breach in which the firm’s customers’ personal information, such as Social Security or credit card numbers, is exposed or stolen by a hacker or other criminal who has gained access to the firm’s electronic network. The policies cover a variety of expenses associated with data breaches, including: notification costs, credit monitoring, costs to defend claims by state regulators, fines and penalties, and loss resulting from identity theft.
Companies such as Nationwide and Hiscox, among a long list of others, provide it. However, it is hardly brought up in the digital transformation discussion, and TBR believes it has important market impacts as well as drives opportunities for current security vendors. In terms of the market, TBR believes the more mature cyber liability insurance becomes, the faster organizations will adopt digital transformation. It would be beneficial if cyber liability insurance were part of the conversation when a vendor leads a digital transformation implementation, just as car insurance must be a consideration when buying a new car.