Historically the insurance industry has responded to many aspects of business and life in which risk exists and there is a need to mitigate that risk by sharing it or transferring it to others through insurance policies. Over time, actuarial science has enabled insurance companies to accurately predict the odds or likelihood that some insurable event might take place for a given set of circumstances i.e. a fire, accident, death, theft of property, etc.
Given the incredibly rapid growth of information technology and the risks associated with its world wide use, insurance underwriters have a serious challenge in identifying and measuring these risks in financial terms that enable them to provide appropriate and reasonably priced insurance products to cover claims. This challenge is compounded by the speed of change coupled with the alarming growth of cyber crime. As the information technology revolution has progressed into the mainstream of our economy the insurance industry has responded. More companies are getting on board with insurance policies responding to the growing complexity of the IT and Ecommerce industry. At the same time the insurance policies being offered are getting more specific and focused on how the IT is being utilized by different organizations. Policies that were once generic and all-encompassing are now being created in modular formats that can be organized to more specifically meet the needs of different entities.
In a future blog I will present a guide designed to be a tool for companies and organizations to assist in a process of identifying their cyber security risks and evaluating their need for cyber liability insurance. It is written it in plain language based on my real world experience over the last 18 years as an insurance salesman and my close work with emerging technology clients in the IT space. I will talk about what I consider to be universal truths about risk management as well as a practical methodology for identifying and evaluating your organizations needs and how to obtain appropriate insurance policies to meet those needs.
I believe it is important to mention here that insurance is not intended to be a solution or preventative measure with regard to a cyber security breach. Insurance should be purchased only after appropriate security measures have been implemented. Insurance is intended to provide financial assistance to pay the costs associated with an event that could not be prevented with reasonably applied security measures.
Learn more about cyber liability insurance in a podcast at the National Cybersecurity Institute.