Vulnerable Cyber Defence Creates Market For Cyber Insurance

With data breaches, ransomware and cyber attacks increasing at an alarming rate worldwide, the cyber insurance market is booming as well. 

The costs of data breaches run in the millions and take months, if not years, to recover, repair and investigate.

According to an annual HP study released last week, the average annualized cost of cyber crime incurred by a benchmark sample of U.S. organizations was $12.7 million, representing a 96 percent increase since the study was initiated five years ago.

The results also revealed the time it takes to resolve a cyber attack has increased by 33 percent during this same period, with the average cost incurred to resolve a single attack totaling more than $1.6 million.

The numbers make a compelling case for cyber insurance. With about 50 carriers in the country, an increasing number of companies are availing cyber insurance offers.

The best policies cover costs associated with alerting customers, plus forensics, call center setups, consumer identity monitoring, legal fees and a crisis management firm. But that may only dent the disaster. Policies don’t address loss in profits due to customers jumping ship. A policy can’t prevent a marred brand reputation, according to the Huffington Post.

An interesting finding is the important role cyber insurance can play in not only managing the risk of a data breach but in improving the security posture of the company. While it has been suggested that having insurance encourages companies to slack off on security, our research suggests the opposite. Those companies with good security practices are more likely to purchase insurance, according to a Ponemon Institute study released earlier this.

Global companies also are worried about malicious code and sustained probes, which have increased more than other threats. Companies estimate that they will be dealing with an average of 17 malicious codes each month and 12 sustained probes each month, according to the report.

When asked about the level of investment in their organizations’ security strategy and mission, on average respondents would like to see it doubled from what they think will be spent—an average of $7 million to what they would like to spend—an average of $14 million. This may be a tough sell in many companies.

However, our cost of data breach research can help IT security executives make the case that a strong security posture can result in a financially stronger company, the study added.