Page 56 - Cyber Warnings
P. 56
Cybersecurity Insurance Policy and Coverage
Reading is Fundamental
by Charles Parker, II
The business of malware has become operationalized such that a majority of instances are to
generate revenue for the attacker(s) via ransomware, harvesting credentials, exfiltrate data, and
other data. To gain access to the items of value, the attackers have to compromise the system
in some form.
These breaches have an immediate impact on the affected party. The entity may need to
forward the usual notification based on the number of records or other attributes of the breach.
With these, the type of data affected must also be taken into consideration.
The activities are not free. There is not an altruistic group that has a task list and diligently works
through the list. There are direct costs involved with the items completed by the staff and fees to
third parties for professional services. If this were not to be cost enough, there are also the
indirect costs to the entity.
There would be the short-term loss of rapport with the community manifesting itself with lower
revenues, business partners in the industry not returning phone calls as they manage their fall-
out through association as much as possible.
To alleviate the issue to a certain extent, firms have looked to a new tool to manage the risk.
Over the last few years, the insurance companies have met the challenge created by then
environment with a newer form of insurance.
This new policy or rider is written specifically for breaches. As the businesses have started to
note the potential costs associated with a breach, the breach insurance started to be noticed to
a greater extent, which led to more businesses purchasing this coverage. This, at first glance,
appears to be fantastic.
There was a need for insurance when a breach occurred, and the insurance companies created
this now insurance vehicle for coverage. The implementation likewise seemingly would not be
an issue due to the presumption the business, if it were to have an issue, a claim would just
need to be filed, much like if there were to be storm damage with a residence.
Although this is the method on how this should work, with the insurance being novel at this
point, not all the policies are created equal and the business may have the incorrect policy to
begin with. The insurance companies are still molding the policies and language therein. The
insurance company’s senior management is still making the decision on what will be covered in
certain events.
56 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
