Preparing for the inevitable: Cyber risk insurance

Share this article:
Angela Moscaritolo, senior reporter, SC Magazine
Angela Moscaritolo, senior reporter, SC Magazine

A dizzying string of high-profile data breaches this year, coupled with the staggering cost resulting from such exposures, have ratcheted up demand for cyber risk insurance.

This year, businesses are expected to take out about $800 million in policies, according to estimates from consulting firm Betterley Risk Consultants. The insurance industry currently offers “first-party” policies, which cover the damage or theft of an organization's assets, and “third-party” policies, whichcover losses directly related to the breach, including customer attrition and victim notification.

Most of the interest now is around third-party policies for organizations that want to transfer risk, said Larry Clinton, president of the Internet Security Alliance.

$800,000,000
Estimated volume of cyber insurance premiums purchased in 2011.

– Source: Betterley Risk Consultants

Driving the uptick in demand is the rising cost of breaches and the realization that no organization is immune, Clinton said. Breaches cost organizations an average of $7.2 million in 2010, up from $6.8 million the previous year, according to a recent study by Symantec and the Ponemon Institute.

By purchasing third-party cybersecurity insurance, organizations take an unknown – the eventual cost of the breach – and turn it into a known by paying a premium and deductible, said Rick Betterley, president of Betterley Risk Consultants. “Instead of having a several million dollar loss, you pay a $100,000 premium,” he said.

The cyber insurance application process is often lengthy and requires a fair amount of work. But on the positive side, it can sometimes uncover weaknesses in an organization's security posture not obvious before, Betterley said. Third-party insurance also provides, to some extent, a roadmap for responding to a breach, he added.

Such policies are highly attractive to midsize firms in particular, Betterley said. A recent study conducted by his company of middle-market organizations indicated that 25 percent of respondents planned to purchase cyber insurance in the next 18 months.

An insurance policy for cyber risks is not for everyone, though. Some small firms might find their level of risk does not justify the cost, Betterley said. Too, very large firms that are routinely breached may discover that cyber insurance premiums exceed the benefits they offer.

Share this article:
close

Next Article in Research

Sign up to our newsletters

POLL

More in Research

Is SIEM up to the challenge?

Is SIEM up to the challenge?

This latest ebook from SC Magazine paints a lucid picture of today's SIEM capabilities and challenges to help you decide what might be the right implementation for your organization.

The Game is On: Advanced Persistent Threats

The Game is On: Advanced Persistent Threats

APTs give IT teams headaches, because they are extremely stealthy in nature and are almost always aimed at a very specific target. On the other hand, they are designed to ...

Mobile in motion

Mobile in motion

In this latest ebook from SC Magazine, we examine a number of strategies and technologies that can be implemented to manage data and protect corporate assets, while letting employees enjoy ...