Despite the Equifax breach costing the company more than $242 million only about 35 percent of companies have cybersecurity insurance, Aon Risk Solutions Senior Vice President James C. Trainor said.
The statement was made at the SC Media RiskSec Conference in New York during a panel discussion on cyber insurance with Tony Parrillo, CISO at Schneider Digital.
Trainor added the cyber insurance market collects roughly $3.5 billion in premiums annually, but some studies estimate global loses to cybersecurity incidents are as high as $600 billion every year meaning organizations are just absorbing the costs associated with these loses.
Large businesses such as Target and Sony have already figured out the importance of cyber insurance as they were both covered when they were hit with their respective breaches.
“The problem with a small or medium-sized business that doesn't have insurance or IP is the consequences are catastrophic,” Trainor said adding if a small business suffers a cyber incident, they are going to be out of business.
Insurance companies are going to raise the floor for cybersecurity for small businesses across the world and help provide a big step in creating a better culture of security, Parrillo said, and this will help everyone, including consumers, as their data becomes better protected.
If an insurance firm tells a company to adopt firewalls and other security tools to decrease their risks and or as an incentive for lower premiums, companies are going to listen, the panelists noted.
The panelist also mentioned that cyber insurance companies will most likely begin monitoring the perimeter security of their clients to make sure there is good cyber hygiene at least on the exterior which could be reflective of how secure firm is on the inside.
In some ways insurance companies will have more of an impact than government regulators and may also lead the front in threat sharing as companies would be more willing to share information with them as opposed to government agencies, he added said.
“Insurance companies are primed to be able to gather massive amounts of cyber information from their constituents, scrub it clean and share it anonymously, no other company in the world has that kind of power,” Parrillo said.