- November 28, 2017
- Comments : 0
The risk gap: Cyber insurance is not equal to Cybersecurity
Acknowledging the seeming inevitability of a successful on their organization, many business leaders are turning to cyber insurance as a hedge against losses resulting from a breach. In fact, 84% of organizations in the AT&T survey have already purchased cyber insurance or plan to do so.
While utilizing insurance to transfer financial risk is foundational to a complete risk management strategy, it does not eliminate risk and should be used in combination with a robust cybersecurity plan to manage retained risk.
Not surprisingly, insurance plans that cover some financial losses caused by cyber attacks are increasingly being adopted as part of risk management strategies that also include cyber security.
Nearly 3 in 10 survey respondents (28%) plan to allocate all or most of their budget to insurance in anticipation of future incidents. Among APAC organizations, the number rises to 34%. For companies in the technology sector, 43% plan to allocate all or most of their budget to insurance.
Key takeaway: Cyberinsurance
An overreliance on alone raises concerns on several levels. First, it can divert attention (and investment) away from critical resources required to address threat protection, detection and response.
In addition, while can help recoup financial losses that stem from a successful breach, it may not mitigate other impacts including business downtime, reputational damage or customer attrition.
Leadership also needs to have a clear understanding of the rules and regulations governing insurance coverage, as well as the fine print of policy coverages and exclusions.
Many organizations that successfully acquire as part of their risk management strategies often have existing cyberdefense programs.
While has a growing role in mitigating many of the financial risks inherent in a successful breach, it can’t prevent As with any insurance, you must demonstrate that the controls in place at the time of purchase remained in place at the time of breach for reimbursements to follow.
To get the most out of any investment, insurance should be part of a more comprehensive risk management program that includes a comprehensive cyber risk assessment, mitigation, and ongoing monitoring.
HugThat way, leadership will have the information it needs to make coverage decisions that deliver the best possible outcome in case of attack.