Cybersecurity Insurance: 4 Practical Considerations
October 12, 2015
According to PwC’s Global State of Information Security Survey 2016 of more than 10,000 CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security practices from 127 countries, six out of 10 respondents report that they purchased cybersecurity insurance in 2015, up from a little more than half one year earlier. That’s on the heels of Securities and Exchange Commission guidance from the Office of Compliance Inspections and Examinations that financial organizations consider cyber insurance as a part of their cyber-risk management strategy.
The media also portray cybersecurity insurance as an important element of corporate cybersecurity defense, one that minimizes the losses caused by growing cybercrime that organizations cannot entirely prevent in advance.
Still, there are many complicated and not particularly obvious questions about the practical implementation of cybersecurity insurance. The first, and probably the biggest, question is how long an insurance company will cover the ongoing consequences of a security incident. Once a system is compromised, it’s impossible to predict the duration of a breach’s exploitation by cybercriminals.