Echoworx Talking Security –
Cyber Insurance: What it is and how it works
Before beginning to shop for cyber insurance, your organization should take every precaution to protect against cyber threats. Although premiums for cyber insurance can be high, they are not uniform and are relative to what exactly is being protected. For example, in home insurance, covering a home without any security precautions is going to be more expensive than insuring a home with an alarm system installed.
These same proactive security measures can be applied to organizations seeking lower cyber insurance premiums. By developing a comprehensive cybersecurity program rich in proactive measures, like encryption, prior to shopping for insurance, your organization might be eliminating many of the risks or threats they originally intended to protect against.
But you can’t eliminate all risk.
Known as ‘residual risk’ or ‘tail risk,’ any threat which cannot be protected against or accounted for is what your organization needs to be seeking insurance for. In the above home insurance example, this type of risk would manifest itself in any threat beyond a home owner’s control – like a burglary which occurs despite a security system.
For cyber insurance, residual risk is a contextual problem unique to each industry and organization. Before shopping for a cyber insurance policy, your organization should consider what exactly makes you unique on the threat landscape, from risks you cannot prepare for, like state-sponsored hacking, for example, to something as simple as what your organization ultimately can or cannot afford. This, in turn, should help lead to the best policies for your organization at the best prices.