DECEMBER 201819Some common types of cyberinsurance being sold now are ­1. Network Security Policy: Covers breaches to enterprise IT infrastructure 2. Privacy Liability Policy: Covers wrongful collection. Loss or theft of information 3. Media Liability Policy: Covers IP/Copyright infringement, legal claims etc. The coverage can be `self-insurance / first-party' or `3rd party' just like personal health or motor vehicle insurance. The first-party insurance covers all costs involving investigation of the breach, cost of notification to customers, public relation etc. While the 3rd party insurance can help in legal defense to any class action law suits, settlements, regulatory penalties.Current ExclusionsMost policies still do not cover state sponsored espionage and major ransomwares till now. It's highly unlikely any instrument to include intangibles like:- Loss of reputation - Opportunity cost - Cost of technology upgrade for better cyber defense Future of CyberinsuranceThis segment of insurance product is caught between believers and non-believers like any other insurance segment, but with a twist ­ Pace. Pace of change in information technology outpaces that of change in insurance policies. While converging on such a template, using currently popular security certifications such as ISO27001, is not yet scientific.While boardrooms are debating the cost vs. benefit of insuring themselves from data-breaches, one trend is getting clearer. Almost all enterprises are asking their service providers to be insured. Be it telecom providers like ATT, Airtel, Verizon, or cloud providers like Amazon or Azure or Google. It is becoming mandatory for the service providers.Also, large enterprises, who have multitude of disparate partners who have several degree of access to their IT infrastructure and data, are demanding their vendors / partners to be insured.Eventually, every enterprise is another enterprise's vendor/partner. This covers the 360 degrees of enterprise ecosystem. The security technology vendors are not sitting idle. They are forging unique partnerships with insurance companies to bundle Cyberinsurance to their products and services.The Silver LiningThe real positive in all this, is heightened awareness of `cybersecurity' among the enterprises. There is a price for the unlimited productivity growth that IT is providing to business. Either build a super strong infrastructure and a cyberaware workforce, or insure your business. The real solution is doing both, in different degrees, where it fits the budget and hits the purpose. No one needs insurance until they do. While many umbrella insurances provide `data breach rider' add-ons to their policies, the adoption of `standalone' Cyberinsurance policies is on the rise
< Page 9 | Page 11 >