Following the news that insurance claims for data breaches are being made at a rate of more than one a day, Matt Walmsley, EMEA director at Vectra Networks commented below.
Matt Walmsley, EMEA Director at Vectra Networks:
“PwC puts the total value of cyber insurance premiums today at $2.5bn, rising to $7.5bn by 2020 as more companies globally try to mitigate their financial risk.
“However, such is the infancy of both the insurance and the understanding behind it, insurance providers can struggle to accurately size and price the risk. Also, many firms lack the tools and data insight to support a claim and help law enforcement.
“No cyber policy claim is viable without actionable intelligence as to what transpired, where it took place on the network and how the criminals got in. In much the same way that an insurer will want to see CCTV footage after a break in, cyber insurers will need similar data from policy holders to support a claim. Therefore, a range of security visibility tools and counter measures, such as network threat management, are necessary to ensure the validity of any policy and subsequent claim.
“Of course, prevention is better than cure. By automating detection using the very latest self-learning security tools, and with it the response to an incident based on early indicators, many attacks can be “nipped in the bud” before they become costly incidents. This not only reduces the risk for the insurer, but for organisations it is a risk reducing capability that could be argued should reduce premiums. Ultimately, Insurance can provide transference of the financial risk of some cyber attacks but can’t help repair the associated reputation damage.
“We are seeing growth in corporate cyber extortion using intelligent ransomware and other malware leveraging artificial intelligence. This is going to be a major evolving trend for 2017. Automated tools are a key measure for both detecting a breach when it happens, as well as providing clear and concise evidence to insurers. When investigating the extent of the incident and quantifying risk levels at both the time the policy was taken out as well as following an incident, accurate insight is paramount.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.