This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
With more countries embarking on Smart Nation projects, the number of connected devices and volume of data will only increase. This means that cybercriminals now have an almost infinite number of (often poorly protected) channels to launch their attacks. Underscoring the severity of issue, the Monetary Authority of Singapore (MAS) has urged companies to boost their cybersecurity initiatives, as well as adopt cyber insurance. As such, the market for cyber insurance is expected to reach $7.5 billion in premiums by 2020, with apparent demand by the finance industry, along with a forecast of new investments from the healthcare industry.
While it is good news that companies are taking increased measures by moving toward cyber insurance to underwrite potential losses generated from cyberattacks, such as lawsuits, investigations, and business ramifications from exposed trade secrets, it is important to note that while cyber insurance can help to manage losses, it needs to go hand-in-hand with a robust cybersecurity infrastructure in order to add real value to your business.
Insuring the intangible
Cyber insurance can be likened to fire insurance; most businesses insure and deploy significant detection, prevention and response measures such fire suppression systems, fire resistant materials and fire drills, resulting in maximum risk coverage. In the same vein, companies should prioritise the deployment of a strong cybersecurity infrastructure consisting of robust detection, prevention and incident response measures, which results in an overall effective and efficient risk management plan that lowers your insurance premium too.
The industry is already making great progress to support the distribution of cyber insurance. For example, credit rating services such as FICO Enterprise Security Score allows cyber insurance providers to access cyber infrastructure and measure risk exposure, as well as forecast the likelihood of cybersecurity incidents in order to tailor policies and premiums for companies with different needs.
The next step is for the government to support the cyber insurance ecosystem through the enforcement of mandatory and regulatory laws on cyber security. Such legislation can benefit the industry as a whole as it ensures a minimum standard for any given company's cyber infrastructure, which enables cyber insurance companies to lower their premiums.
Process, People and Technology
As cyber insurance can be a reasonably large investment for organisations, it is essential for companies to enforce strong cyber security fundamentals and best practises to maximise their dollars. For example, the financial industry is governed by mandatory laws that require banks to retain sensitive customer and transaction information, resulting in higher premiums. However, for businesses that do not revolve around transactions, holding customers' payment information is counterproductive. Instead, these companies should consider outsourcing payment methods to third party providers, which will take a big amount of risk away.
Sign up for CIO Asia eNewsletters.