Cyber incidents these days tend to follow a familiar pattern: law enforcement is contacted and will begin criminal investigations. Cyber forensic investigators are hired to piece together what happened and security consultants will analyze and remove the malware from any affected systems. Finally: customers who were affected are notified and – typically -offered free credit monitoring services. All of these services come at a cost, of course, as does the business disruption that results. Current cyber insurance policies are structured to recover some or most of those costs.
Now companies – from the Fortune 10 on down – are looking to hedge their online risks with various kinds of business insurance. That demand, in turn, is fueling a rapid expansion of the cyber insurance industry that was little more than a niche offering five years ago.
But insurance industry experts and corporate security professionals offer words of advice for companies that think they may want to insure their cyber risks: caveat emptor.
At AON PLC, the London-based firm that is the world’s largest reinsurance broker, Kevin Kalinich, AON’s Global Practice Leader for Cyber Risk, says that data from the company’s Global Risk Insight Platform (GRIP) – a repository of insurance placement data – shows the cyber insurance market growing at 38% annually. That is about twice the rate, measured by market sales, of the next fastest growing market that AON tracks, according to Kalinich.
But Kalinich argues that the market is just getting going. “If companies think about a single line of insurance covering data breach and loss of PII (personally identifying information), then that’s a narrow scope of the problems that we’re solving,” said Kalinich. “If you think about companies increasing use of technology and information assets, then you’re talking about every activity that everyone does.”
Read more over at IT world via Cyber insurance: Only fools rush in | ITworld.