Echoworx Talking Security –
Cyber Insurance: What it is and how it works
A cyber insurance policy is a bit like Frankenstein’s Monster: the final product is the result of many different parts sewn together. Knowing which parts to include and which to exclude can consequently be difficult. But who exactly at an organization should be involved in the procurement process? Who needs to be involved in the ultimate decision of what gets included in a cyber insurance policy?
Big companies or banks are used to executing tasks on a collaborative basis across their industry, something they call a ‘blame-sharing basis.’ For cyber insurance procurement, their process is simple: they discuss what is available to them and conduct a needs analysis before making a unanimous decision to be applied across their cybersecurity environment.
For smaller companies, the procurement process can be more complicated. While management in different departments might be involved in the decision-making process, there is a tendency to offload the task of identifying cybersecurity needs to an IT department.
But, while an IT department might have a better grasp of cybersecurity, input from every department is important for creating a three-dimensional assessment. Risk management might fall on any one person at a smaller organization, possibly even the CEO or a Board of Directors, who should ultimately be making decisions regarding cybersecurity. It’s important to recognize that a cybersecurity issue might be multi-layered, and that addressing it successfully does not depend on knowledge of said issue alone.
If a smaller company lacks the resources to accurately address its cyber insurance needs, it might seek the services of a third-party assessor. Like going to a doctor when sick, a consultant offers a neutral assessment of what needs to be covered, what can be omitted and, ultimately, can recommend what sorts of policies to consider. Since it can get expensive fast, seeking third-party advice is never a bad idea when exploring options.
The one thing a government body hates is reading about itself in the paper, especially when it comes to data breaches or ensuing lawsuits. While cyber insurance might appear to be an unnecessary, expensive add-on within a public service budget, it’s important to remember that governments exist because of public support. In the instance of a messy breach, being adequately covered can help a public body save face.