Increased Cyber Crime Could Mean That Your Organisation Must Meet New Security Requirements For Insurance Eligibility
Raytheon / Websense have predicted that, due to the complexity and unpredictability of cyber attacks, insurance companies look likely in 2016 to move towards a ‘must have’ and ‘evidence based’ model. This will mean that customer organisations will be forced to meet new, more sophisticated minimum level requirements to be eligible for coverage.
Why The Changes?
In recent years the frequency of attacks on organisations by cyber criminals appears to have been increasing. Recent high profile victims include TalkTalk and JD Wetherspoon, and their stakeholders.
The sophistication of the criminal schemes and the willingness of criminals to widen their areas of attack and to play the ‘long game’ have also become more apparent in recent times. For example, security firm Symantec recently discovered that hackers are using dozens of fake accounts across LinkedIn. The hackers are thought to be mapping the networks of business professionals and gaining their trust with a view to luring them to malware-laden websites, stealing their personal details, and launching spear-phishing campaigns!
Continuous technological advances and the growing value of data to organisations (and cyber criminals) are also major contributing factors to the inevitable evolution of cyber security insurance.
What Kind of Changes?
It is thought that cyber insurance actuarial models look likely to be based in future upon four factors:
What Could This Mean For Your Organisation?
The short answer is of course greater cost and more hoops to jump through in order to make sure that your organisation’s insurance eligibility is protected.
Already Happening in America
A recent Wells Fargo survey showed that 85% of US companies with over $100 million annual revenue have bought cyber or data privacy insurance. The same survey showed that 44% have since filed a claim after a breach.