Cyber Insurance No Fix For Lax Security

The growing danger of breaches is creating a cash cow. Insurers are selling more than a billion dollars in cybersecurity insurance policies annually.

17 June 2014


As with death and taxes, we’ll always face hackers. No matter how much the security industry tries to plug leaks, the ever-inventive bad guys will find new holes to exploit. The growing danger of a data breach is creating a cash cow for insurance companies, which are now selling organizations more than a billion dollars in cybersecurity policies annually.

But buying insurance only treats the symptoms of inadequate security — and not the underlying causes of breaches. In fact, even as a partial sop, insurance can be inadequate. Using multiple underwriters, a company can only cobble together, at most, about $300 million in cybersecurity coverage, the New York Times recently reported.

But the price tag of a really big public breach can hugely exceed that sum. In fact, some experts estimate the cost of Target Corp.’s holiday data breach could exceed $1 billion  in fines alone. And that’s just one breach.

Cyber-attacks’ Incalculable Costs

Compromised security can cause vast and hard-to-calculate costs to a firm. Given the publicity, Target’s customers presumably became skittish about shopping there. Subsequently, the retailer’s fourth-quarter profit dropped by 46 percent from the same period in the prior year. And fines and dipping sales are among the more fairly tangible costs. “The loss to the brand is essentially unmeasurable,” as the Times noted.

This situation offers a major opportunity to underwriters — in the United States, cyber insurance:

  • Is now the fastest-growing niche in the insurance industry
  • In 2013, saw a 21 percent increase in demand
  • Had a total of $1.3 billion premium payments last year

Footing the Cyber-attack Bill

For the United States in the last year, the Ponemon Institute (a nonprofit security research organization), offered the following statistics:

  • There were 29,087 records exposed or compromised per breach, on average
  • Each record involved in a breach cost incurred a cost of about $195
  • The total cost of a breach was typically about $5.8 million

According to the study, the overall cost of data breaches to companies globally rose 15 percent from the previous year, to $3.5 million. Most companies never discover that they’ve been breached; they also don’t always publicly report the ones they do detect, the Times claimed.

But cyber assaults are definitely a serious threat. There's even fear among experts that these attacks eventually may not just crush individual companies — but actually damage the global economy, noted a recent Bloomberg BNA piece.

Security Happens Now

There is much to learn about cyber threats. However, to put it mildly, you don’t want to be paying the tab for a major data breach. Luckily, businesses can take steps to harden their security and processes today.

So, if you’re considering buying cyber insurance, you should also think about best data security practices, inside and outside of your firewalls. And the dialogue should be with all your employees, partners and suppliers.