Cyber Insurance Is Sexy

So bland is the insurance business perceived to be, that it’s the stuff of Hollywood comedy. In the 2004 film Along Came Polly, Ben Stiller played a skittish, risk averse insurance adjuster with actuarial data on bathroom hygiene at his fingertips (no pun). Woody Allen famously depicts his hapless criminal Virgil Starkwell locked in solitary confinement with an eager insurance salesman in the 1969 mocumentary Take the Money and Run. Cruel and unusual punishment, indeed.

Insurance may be boring- but its a hot topic right now among companies looking to hedge their risks of a damaging cyber attack.
Insurance may be boring- but its a hot topic right now among companies looking to hedge their risks of a damaging cyber attack.

Boring though they may be, insurance markets are incredibly important in helping society manage risks of all sorts. Insurance markets also have a funny way of shaping behavior – both personal and commercial – in ways that serve the public interest.

Take the response to Hurricane Sandy as just one example. Law makers in Washington D.C. may never agree on whether that storm was a product of a warming climate. In fact, they may debate the ‘facts’ of climate change from now until the end of time. But property owners and businesses in that storm’s path are already adjusting to the reality of a more volatile climate – moving critical electric, environmental- and building management systems onto higher floors. And they’re doing so because of pressure from private insurers to mitigate future risks from flooding and storm related damage. The conversation, as it were, is over.

Many of us would like to see the same thing happen with cyber security – especially given the justified concerns about regulating an industry as dynamic as the tech sector and (more immediately) Washington’s difficulty passing even straightforward legislation. (Highway funding, anyone?) A wider reliance on cyber insurance to hedge risk may well have the effect of enforcing best practices on organizations across industries – from authentication to application development. That would replace today’s variable and ad-hoc approach to security, in which each company is left to survive by its own wits.

And change is happening – slowly. Check out my recent blog post over at Veracode on Why (Cyber) Insurance Is Sexy | Veracode Blog.

Comments are closed.