T-Mobile. Sony. Ashley Madison. In recent years, cyber security attacks have rightfully risen to the forefront of media with each new damaging digital hack. Resulting in the loss of literally billions of dollars, there is a clear need for not just improved digital security measures, but cyber insurance as well. Once believing itself immune to the potential effects of digital intrusion, Sony learned this lesson firsthand (after losing $170 million) and has since rectified its former naive mentality; but will the rest of these corporate behemoths, and smaller enterprises as well, learn from Sony’s misstep?
In fact, according to the Verizon 2016 Data Breach Investigation Report, all companies, large and small, across the entire planet, are vulnerable to potential cyber attacks. What’s more is that an immense 62% of cyber breach victims are, in actuality, small-to-midsize businesses. Then take into account the fact that the average cost of these breaches are $3.79 million and it is clear that organizations of all sizes need to, at the very least, prepare for the possibility of a cyber attack or they may face dire circumstances.
Fortunately, capitalism is taking note. Many organizations have already assessed this risk and have begun to prepare accordingly. Between breach prevention controls and strengthened security services, companies are beginning to take back control. Although there are several ways enterprises can mitigate their risk, cyber insurance likely presents the best option. According to a survey conducted just this year, 59% of businesses are, fortunately, incorporating cyber insurance into their budgets.
Now the question beckons: what is cyber insurance? It’s a type of insurance (predictably so) that offers a variety of products and services intended to protect businesses from internet-based risks. Although these sorts of policies have existed for the last decade, they are only recently gaining traction considering the recent prevalence of digital intrusions by ill intentioned but digitally savvy thieves. However, it is not just because of the recent high-profile attacks that cyber insurance has jumped to the forefront of conversation, it’s also because governments themselves are actually encouraging business to purchase such policies in an effort to mitigate these damaging attacks.
In this light, it is understandable why (in the United States, anyway) the cyber insurance market has grown exponentially from only ten insurers to the 50 that it now boasts. Last year, the cyber insurance market remarkably accounted for $2.75 billion in the American economy; and that $2.75 billion is expected to triple in size as early as 2020, less than four years from now.
Although it is clearly a burgeoning industry with a lot to offer, that is not to say cyber insurance is immediately attainable. On the contrary, companies need to undergo an in-depth analysis by their hired insurance company before they are cited a price on their customized policy. Insurance companies need to understand their possible client’s risk profile before they are able to provide an accurate price point, which, of course, is understandable. They look at things like the scale of the business, the sensitive nature of the data that said business is handling, and the company’s overall current security measures.
Even after providing a price point and a deal is made, there is no guarantee that there will be an attack or not, and that if there is an attack, that the policy will actually be able to cover the costs in their entirety. Considering the hypothetical nature of insurance in general, this only stands to reason. Regardless, in today’s day and age, the prevalence of cyber attacks are only becoming worse and a policy, even if it does not cover the entire costs of an attack, is more than worth it.
Moving forward, it is of the utmost significance that CEOs and entrepreneurs understand the potential implications of a pervasive cyber attack; and not only that they understand, but that they act accordingly before it’s too late.