Cyber insurance isn't new. In fact, it's been around for close to a decade. But recent high-visibility events, including the breach at Heartland Payment Systems (a compliant company) and the cyberattacks on Google, have executives in every industry re-evaluating their security defenses in fear that they could be next. And they very well could be.
Some would argue that we're losing the battle against hackers, thieves and spies, and that the sheer existence of cyber insurance proves that companies are expecting to get hit. So, are companies just giving up?
In recent testimony, Dennis Blair, former director of national intelligence, stated that recent intrusions are a wake-up call to those who have not taken the information security problem seriously. He added that “new cybersecurity approaches must continually be developed, tested and implemented to respond to new threat technologies and strategies.” The overall message: We're not doing enough to proactively defend our networks.
Cyber insurance, although practical, doesn't outweigh the need for strong, layered, proactive defense systems that take measures to monitor and actively respond to internal and external threats. An insurance provider may be able to make a business whole again, but it can't completely undo the massive brand damage that happens when sensitive customer data is lost. And, by the way, cyber insurance doesn't protect the consumers whose data was lost. So what kind of a message does purchasing cyber insurance send to your customers?Whether we're up against a lone hacker, cybergang or state-sponsored attack is now irrelevant. The fact is that we are all potential targets, and the volume and sophistication of these attacks is growing. It's clear that as an industry our focus must be on delivering proactive counter-measures based on real-time technology in order to keep the bulls-eye off of our backs.