Cyber Insurance – the New Black?

by Sara Goldberger

Cyber attacks and cyber insurance are on everybody’s lips, and on the surface it seems relatively simple: there is a breach, there are victims, data is lost, and the insurance company pays up. It doesn’t seem that different from other kinds of insurance. With all of the reports of breaches over the past few years, some very alarming in terms of their scale, everyone wants cyber insurance coverage and believes this will protect them.

But there are many misconceptions about cyber insurance. For example, a UK Government survey last year showed that 52% of CEOs believe that they have coverage, yet less than 10% actually do. So what exactly is “cyber insurance,” what does it cover, and how does it cover cross-border crime?

Cyber-insurance protects businesses and individuals from Internet-based risks. Many insurers say that risks of this nature are typically excluded from traditional commercial, general liability policies. Coverage provided by cyber insurance policies may include:

  • First-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks;
  • Liability coverage indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation;
  • Other benefits including regular security-audit, post-incident public relations and investigative expenses, and criminal reward funds.

There are several considerations to keep in mind when buying cyber insurance. Costs vary widely, but to purchase a $1M policy typically costs $5K to $25K per year for a medium-sized company. However, cyber policies might not pay out if your claim is delayed, which raises the question: what happens if your organization suffers a breach during the coverage period but does not become aware of it for some time? An insurer may also not cover your claim based upon employee negligence or if your organisation failed to adhere to minimum required security practices specified in the policy.

And what happens if you suffer a cyber attack? Interestingly, 81% of US companies that have bought cyber insurance have never filed a claim. The median-sized claim is $76,984, though there are a few that are much bigger. It is those outliers that push the mean average claim up to $673,767. And what expenses does the claim cover? More than half of the claims that insurers pay out on cyber policies include the expense of legal and forensic specialists. Over 40% of claims recover the cost of notification to affected individuals and the cost of providing credit monitoring services.

In the Global Economic Crime Survey 2016 Report, cybercrime climbs to the second most reported economic crime, affecting 32% of organisations, while at the same time close to 60% of the surveyed organisations do not even have a cyber incident response plan in place. Many companies also report feeling a lack of support and a notion of “not knowing what to do when an attack happens.” Organisations such as IT and auditing consultancies offer some help and support, but they rarely have a corporate-wide view. That’s an area where two recently formed organisations – Cyber Rescue Alliance and the Global Cyber Alliance – can make a difference.

Cyber Rescue Alliance is a Pan-European organisation aimed at helping the approximately 12,000 European SMEs that hold sensitive data on over 5,000 individuals. The organisation delivers a Comprehensive Business Response solution that includes instant, practical crisis management guidance and tiered response capability from pre-vetted organisations. In other words, the solution offers coordinated, tangible and practical business assistance across the full spectrum of challenges that follow a breach. In the event of an attack, Cyber Rescue Alliance will provide practical help and assistance to the many smaller businesses that can’t invest in a full-time CISO or PR Consultant, giving them those services in order to mitigate the impact of a cyber-attack. In other words, it is the across-corporate, one-stop approach that makes Cyber Rescue Alliance unique.

Global Cyber Alliance (GCA) is unique as it partners across borders and sectors. Based on the organisation’s mantra “Do Something. Measure It.” GCA’s first effort is to tackle phishing, which is often the source of a breach. GCA is partnering with several organisations to implement two solutions:  to drive the deployment of DMARC and use of secure DNS services, and then to measure the effect — so that we all may accelerate eradication of phishing as a systemic cyber risk.

While addressing, and responding to, the needs of different sized organisations, Cyber Rescue Alliance and GCA are working together, thus ensuring that perhaps one of the biggest business problems of our time – cyber-attacks – is given the attention and solutions it needs. Only through this cooperation can we ensure that companies are implementing the best security practices available in order that cyber insurance policies will indeed insure them against these risks.

The author, Sara Goldberger, is the Head of Communications Global Operations and IT at Zurich Insurance Group and Board Member of GCA partner, Cyber Rescue Alliance. You can follow her on Twitter @saragoldberger.

Editor’s Note: The views expressed by the author are not necessarily those of the Global Cyber Alliance. 

Initially published on – http://globalcyberalliance.blogspot.ch/2016/05/cyber-insurance-new-black.html

So why are weekly commutes so scary, again?

When job hunting you come across the oddest reasons for being turned down; one of the oddest is geographic proximity. If I look for a job in the London area, a likely scenario, what is the big deal with me doing a weekly commute? On my dime and time, might I add. As long as I’m in the office at 8.30 Monday morning, isn’t that all that counts?

Is this purely a UK issue? It being an island and all?

I frankly don’t understand, which is why this BBC article is so strange for me. While we’re not all property tycoons living in the South of France, I still don’t see the big thing about weekly commutes.

On the contrary, I see it as a possibility for personal growth and professional development.

http://www.bbc.com/capital/story/20141118-the-worlds-longest-commutes

After careful consideration….

When job hunting, this is an automated message we’ve all received and we know that those words aren’t the beginning of a new and fruitful relationship. Fair enough and not that much of a problem; an organisation should recruit the person they believe can do the job.

No, what bothers me is the time lapsed between the application and this answer. Yesterday I submitted my CV to a large company for a Communications Director position. I immediately received a confirmation that they had received my application. And 32 minutes later I received this follow-up message:

Thank you for your recent application to XXXX.

After careful consideration we have decided not to progress with your application at this point in time as we have identified candidates that more closely match our requirements.

Please continue to review our current opportunities on the careers page of our website at xxx, to ensure consideration for future roles.

Thank you for the interest you’ve shown and may we wish you every success in your search for a new role.

Yours sincerely,

XXX Talent Acquisition

Really? My application was carefully considered for the whole of 32 minutes. And that during a time of day when not many are at the office. How careful can you be in 32 minutes? Personally, I not only find this behaviour unprofessional, I also find it rude.

I understand we all play the Taleo guessing game and unless my CV contains the correct key words it won’t show up. But I would advise the responsible managers to programme an automated timer to the answer and hold it for 24 hours. It would at least make you look minimally professional.

 

Gender Equality in the Board Room

To all of you crying out for women in your board room I have the following question and comment:

  • What is it you think a woman can do but a man can’t? (And vice versa…)
  • Instead of crying, open your eyes and look around. We’re here and we’re competent.

Is Microsoft the Global Police Force?

Right or wrong, Microsoft is pushing their cloud solutions and I’m sure they are good, or at least no worse than other cloud solutions on the market. What I wonder about though is the strategy behind the commercials; it’s all very nice and worthy to be the cloud solution behind big public events. However, what I don’t understand is why Microsoft are so proud of their Digital Crimes Unit, or proud might not be the right word, but personally I would think twice before publicly and globally marketing the fact that a privately owned company has taken on a global police role. While I can see the need to keep up to speed and even anticipate threats, it’s always good to be able to stop attacks on a cloud solution. But posing as an alternative, private, police? Has the support for and belief in the police force sunk so low that companies retreat to their own cyber crime solving units? I’m not speaking about research and monitoring, I’m speaking about Crime Units that help find criminals – all according to Microsoft’s own words. Public Private Partnerships, PPP, are a fairly usual way for the public sector to work with the private sector and it can be very good for all involved. But I personally believe strongly in the so-called state monopoly on violence. I am certain Microsoft’s Crime Unit finds cyber criminals, I mean it’s their job, but what happens then? Are these criminals reported to the national police force in the country where the criminals are found? Microsoft deals with them themselves? And what in the eyes of Microsoft constitutes a crime? It’s not a subject for a commercial, true, but I’m not so certain that I find this approach of Microsoft’s reassuring.

Google’s Tribulations – Déjà-vu all over again…

By now it hasn’t escaped many that Google’s UK boss Matt Brittin didn’t know his own pay when asked in the cross-party hearing about Google’s UK tax policies. While it must be a nice problem to have, that’s not my gripe. Nor am I discussing whether the tax deal was fair or not. But I wonder about why Google doesn’t seem to see the PR snafu in this story. If I headed up a company and a senior company representative floundered like this at a question and was called “evil” on camera I’d definitely consider that as something of a [minor] PR disaster.

The whole thing reminds me painfully of the SOPA hearings, the same thing there – the IT industry at large sent one lawyer who, like the Lone Rider, faced a committee of hostile Senators and even more hostile pro-SOPA representatives. And if companies like Google hadn’t shut the Internet down for a day, SOPA would have been introduced there and then.

I’m so surprised every time I see this happening. One of the biggest companies in the world and they behave worse than a start-up managed by a 20-year-old from Mother’s walk-in closet. It’s like Google don’t care about their reputation. Or does Google think that their reputation is so good that they are impossible to harm? Or that because of their size and market position they have nothing to worry about? I find their arrogance amazing. And what’s more, I find their attitude to me as a customer demeaning. Look at the situation – prime time TV and one of the main star actors doesn’t know his lines. One can argue that Mr Brittin’s salary wasn’t the subject of the hearing, but he should have been prepared. I feel a little bit insulted on behalf of my métier; weren’t we (and I speak about PR and Communications practitioners) involved in the preparations? Or did Google not feel it was necessary? Were we involved, but not listened to? Did Google think that this was purely a fiscal question? And that once the deal with the UK government was closed, that was it? No repercussions? No questions asked? And what’s more, why seemingly no preparations, foresight or strategy from Google’s side?

As said, Google’s tribulations and floundering – déjà-vu all over again…

Perception is all…

Am sitting at home and in general feeling like the weather here in Zurich today, i.e. grey and dreary. At least yesterday it was a thunderstorm, where at least one has the impression of something happening, not just muddling along. I have lost my voice, which soon will pass, I look for a new position, which is a process that hopefully soon is accomplished, I’m nursing a herniated disk – but life has that quality that you CAN lift yourself by the shoestrings, pick yourself up and start again…

So in times like these I do like I always do, muse about the little things around me, and isn’t it interesting how perception is all? I mean we are aware that it’s the case but somehow it doesn’t strike home all the time. I just pressed two oranges, I know that I will get the same amount of fibres, vitamins and juice by eating them but somehow they taste better as juice. Molten butter on toast tastes far better than molten butter on un-toasted bread. Molten cheese tastes far better as fondue (after all I live in Switzerland) or as cheese chips than molten cheese that has been left out on the kitchen counter. How come? And then there is the matter of semantics; my favourite – as those of you who know me privately will know – is umbrella, it can just as easily be a parasol, can’t it? At least in Northern Europe, we’d much more prefer to use a parasol because of its connotations than an umbrella. Right?

But what makes it so difficult to change these perceptions? Sometimes when I go on about the umbrella/parasol twist the person in front of me stares at me as if I was Chewbacca’s country cousin just landed from a Galaxy far far away. Is it because change is difficult? Is it because turning our old truths upside up or down is hard to manage? Is it because someone shedding new light on something we thought we knew makes us feel uncertain?
