Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.



Garry Sidaway, SVP Security Strategy & Alliances, NTT Com Security

In the latest Global Threat intelligence Report (GTIR), over three-quarters (77%) of global businesses remain unprepared and without a formal plan to respond to cybersecurity incidents. This is something of a shock, since prevention and planning go hand in hand, and we’ve already seen a number of major organisations this year suffer from serious data breaches and struggle to manage the impact, both to their reputation and their business.

While most organisations say it is ‘vital’ that they are insured against a possible security breach, according to our 2016 Risk:Value report, less than half are covered for both data breaches and data loss, and only a third globally (a quarter in the UK) see the need to take out a dedicated cyber insurance policy. Of those that do, many, unfortunately, fail to check the small print. Policies are taken out without sufficient research into what is available on the market and what they cover. The result can problematic – and often invalidated insurance.

Cyber insurance is a minefield of ambiguity and complexity. There are examples of insurers not paying pay out because of clauses in the small print or ambiguous policy interpretation. The problem is that cybercrime is a relatively new form of commercial risk, and insurers need clarity on the questions they should be asking about an insured party’s security before underwriting policies.

Plus, the companies looking to take out insurance often do not know enough about their own information security to answer questions accurately from the insurer. Inaccurate information can void a policy, and we see claims denied because information supplied is inaccurate.

While our own research shows that many organisations are aware that not complying with business policies or not having an incident response plan could invalidate their insurance, it’s still too easy for them to look for quick fix solutions rather than focus on building a solid information security and risk management strategy. Just because cyber liability insurance is now available, it is not an excuse to ignore basic security measures and carry on regardless.

Businesses need a different approach. Buy insurance, but ensure that you can demonstrate that you have put the right security controls in place, as well as appropriate internal and external processes and procedures, including a fully tested incident response plan – this way you know what is being insured. Worryingly, our 2016 Risk:Value report showed that only just over half (52%) of businesses say they have a full information security policy, while less than half have a disaster recovery plan.

Any business serious about insuring its vital assets, should invest in implementing relevant protection measures that can be demonstrated to an insurer. This means assessing and reducing the risks, and taking the appropriate and measurable steps to continuously monitor these risks. Only then can an insurance broker begin to understand the company’s risk exposure and create a policy tailored to the business.

It is worth remembering that cyber insurance is only likely to provide financial compensation as well – and that is probably limited to specific areas, such as legal or remediation costs. It is far more difficult to insure against the intangible consequences, such as future revenue impact or brand equity, for example, as these are much harder for an insurer to quantify.

It is almost impossible to put a price on the loss of customer trust or reputation. There is a strong relationship between security and trust – and it is very hard to put a financial value on that once it has been broken.

The following five steps will help organisations better prepare for taking out cyber insurance:

  • Assessing your risk exposure – understand their risk exposure across all areas of the business, ensuring industry best practice is considered
  • Incident response planning – create a structured response plan that clearly articulates the approach, benefits and measures for risk reduction.
  • Reducing your risk – If you can see yourself as an attacker sees you, you will be a step closer to protecting information assets and you can demonstrate to your insurer that you have robust security measures in place
  • Managing your risk – If a company can proactively demonstrate that it is taking the right steps, it sends a clear signal to insurers that IT security is being taken seriously.
  • Being proactive – Organisations must be proactive to mitigate risk, demonstrating to insurers that information security and risk management is top of the agenda.
Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!

By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts