[BreachExchange] Does Your Company Need Cybersecurity Insurance?

Audrey McNeil audrey at riskbasedsecurity.com
Wed Jan 31 20:41:12 EST 2018


Cybercrime will cost the globe’s businesses more than $2 trillion by the
year 2019 so it's hardly a surprise that so many companies include cyber
threats at the top of their list of risks. And yet, shockingly few have
taken adequate measures to mitigate the potential dangers of data breaches
and other cyber-related risks. Until now, that is. The Wall Street Journal
recently reported on a trend within the manufacturing industry toward
widespread adoption of cyber insurance. Here’s a closer look at the issue,
along with why cybersecurity insurance offers critical protection for 21st
century businesses.

A Rising Threat

The Wall Street Journal shared the story of a 'massive attack' on a steel
plant in Germany which 'highlighted how cyberattacks can be more
destructive than prosaic events like floods that are covered by typical P&C
policies.' In the U.S., meanwhile, a company recently attracted attention
from the FDA for cybersecurity threats pertaining to medical devices
acquired during a recent acquisition.

And these were hardly isolated incidents explains Daniel Steiner,
Enterprise Risk Manager at Kimberly-Clark Corp. 'There’s certainly an
increased exposure in the industry overall, especially with more reliance
on cloud providers, greater sophistication of hackers globally, and
increased consumer interactions through social media.'

Why Cybersecurity Insurance Matters

While cyber insurance was previously the domain of 'consumer-facing
businesses' attempting to safeguard against consumer data theft, the need
has crossed over into the manufacturing sector. In fact, a report from
insurance consulting firm Advisen Ltd reveals that 'manufacturers paid
$36.9 million in premiums for cyber-specific policies in 2016,” — a
staggering 89% increase over the previous year.

Not only that, as factories become increasingly connected, the importance
of network security will only continue to grow. And yet, according to the
2016 Travelers Risk Index, while cyber risks are a top concern for today’s
businesses, 'close to two-thirds of businesses surveyed reportedly have not
taken basic prevention measures, such as providing employee data protection
education and practices or creating a cyber/data breach incident response
plan. '

Selecting a Cybersecurity Policy

In addition to the implicit value of cybersecurity insurance, the act of
selecting a policy is, in itself, a strategic process. As Brent Pickens,
Director of Global Risk Management at plastic packaging maker Bemis Co.
Inc., told the Wall Street Journal, 'you get the best return out of
[insuring] what is most important for you.'

The good news? Cyber security insurance is a relative bargain when compared
to more expensive industries, like banking and retail. But this also means
companies have even less of an excuse to drop the ball when it comes to
coverage. Alliant Insurance Services’ Michael Blake told The Wall Street
Journal 'there is not a risk manager out there who wants to walk into a
board meeting to explain why he didn’t think to get a cyber insurance
quote, especially since it’s so cheap.'

All of which begs the question: Where does your company stand when it comes
to cybersecurity measures and other proactive prevention tactics?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180131/cddf9995/attachment.html>

More information about the BreachExchange mailing list