A rash of hacking attacks on U.S. companies over the past two years has prompted insurers to massively increase cyber premiums for some companies, leaving firms that are perceived to be a high risk scrambling for cover.
On top of rate hikes, insurers are raising deductibles and in some cases limiting the amount of coverage to $100 million, leaving many potentially exposed to big losses from hacks that can cost more than twice that.
[su_note note_color=”#ffffcc” text_color=”#00000″]Ken Westin, Security Analyst for Tripwire :
“Insurance is gambling with risk, and insurers need to ensure the house wins, they do this with data to stack the deck in their favor. One of the challenges for insurers was identifying the scope of potential financial liabilities when it comes to a data breach. Much of this has been due to the lack of data to understand the potential financial impact of a breach. However, with the rise in high profile breaches, insurers finally have data they need to assess risk and the results are staggering.
Insurers see that the financial risks of a breach to a company go far beyond initial clean up and identity theft protection for customers affected. As customers, banks and even the government files lawsuits against breached companies, the financial impact of a breach is skyrocketing.
The higher prices and limits on liability are a correction based on actual losses by insurers associated with breaches. Companies that have been seeking to offset their risk by focusing on investment in insurance, will be increasingly better off investing some of those funds into better cyber security initiatives, particularly around controls designed to detect data breaches in progress. We know that eventually prevention will fail and companies that invest in the ability to detect and quickly remediate an attack will be in a better position to block attackers before major damage occurs.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.