Cyber insurance is on the increase. An ever-increasing number of high-profile incidents, not to mention the high volume of events that we don’t hear about, means that insurance underwriters must implement realistic premiums and policy terms and conditions if cyber insurance is to be beneficial to policy holders and profitable for the insurance industry.
With life insurance, many lifestyle choices, such as smoking and participating in dangerous sports, influence insurance policies and their premiums. Demonstrating a healthy weight and absence of any historical life-threatening conditions reduces the risk and reduces premiums. Similar processes have evolved with car insurance and the no claims discount. For stereotypical high-risk drivers, telematics has become popular to monitor driving patterns and set premiums accordingly. Members of the Institute of Advanced Motorists, who have passed their advanced driving test, are able to get car insurance at a very low premium. A typical policy restriction on car theft is that a car must be locked when unattended. Insurance companies would not pay out if, for example, a car is left unlocked or, worse, with the key in the ignition. Likewise, home insurance policies require doors and windows to be locked, and for locks to be up to a specific standard for policies to be valid.
It stands to reason that similar standards and policies will evolve with cyber insurance. For a cyber insurance policy to pay out, policy holders will need to demonstrate that they have met an agreed standard of cyber defence. In much the same way that not leaving possessions visible in a car reduces the risk of cars being broken into and claims being made, having better cyber defence reduces the risks and is more important than relying on insurance to pay for any damage. In addition to the growing need for cyber insurance, there is a growing need for specific advice that people can follow to reduce exposure to risks; a minimum standard of cyber defence that must be met across the board.
Information security consultant with over 20 years’ extensive experience gained across a diverse range of private and public industry sectors including insurance, banking, telecommunications, health services, charities and more, both in the UK and internationally. Graduated in 1997 with a software engineering degree and specialising in cyber security, risk analysis, compliance reporting and access management.