Cyber insurance is on the increase. With an increasing number of high-profile data breaches, not to mention the events we don’t hear about, insurance underwriters must set realistic premiums and policy terms and conditions if cyber insurance is to be beneficial to policyholders and profitable for the insurance industry.
With life insurance, many lifestyle choices influence insurance policies and their premiums, such as smoking and participating in dangerous sports. Demonstrating a healthy weight and absence of any life-threatening or preexisting conditions reduces the risk and reduces premiums. Similar processes have evolved with car insurance and the no claims discount. For stereotypical high-risk drivers, telematics has become popular to monitor driving patterns and set premiums accordingly. Members of the Institute of Advanced Motorists, who have passed their advanced driving test, can get car insurance at a reduced premium. A typical policy restriction on car theft is that a car must be locked when unattended. Insurance companies will not pay out if, for example, a vehicle is left unlocked or, worse, with the key in the ignition. Likewise, home insurance policies require doors and windows to be locked, and for locks to be up to a specific standard for insurance policies to be valid.
It stands to reason that similar standards and policies will evolve with cyber insurance. For a cyber insurance policy to pay out, policyholders will need to demonstrate that they have met an agreed standard of cyber defence. In much the same way that not leaving possessions visible in a car reduces the risk of vehicle theft and claims, having better security lowers the risk and is more important than relying on insurance to pay for any damage. In addition to the growing need for cyber insurance, there is an increasing need for specific advice that people can follow to reduce exposure to risks: a minimum standard of cyber defence across the board.
Robert is an information security consultant with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through LinkedIn.