Once a plan is developed, it must be tested. Envisioning and responding to imaginary cyber attack scenarios will help organizations better prepare for legitimate threats. Testing varies according to business size, Simonson says. Mom-and-pop shops may only need to test their strategies once per year, while larger organizations will need to practice on a more regular basis.
Insurers are in a unique position because they not only have to safeguard against security breaches; they also assist other organizations after cyber attacks occur. “What we’re seeing is that all entities in all industries are increasing their use of technology and information assets,” explains Kevin Kalinich, cyber security expert at Aon.
There is a perception that businesses have heightened their risk of cyber attacks through greater use of new technologies such as big data and cloud, says Kalinich, but this is not the case. These technologies don’t necessarily make exposures worse, he explains, but they do change the nature of security breaches -- and how insurers respond.
Prior to the recent breaches at Home Depot and Target, cyber insurance was increasing at a rapid rate of 38 percent per year -- almost twice the growth rate of any other line of insurance. Since more high-profile breaches have been publicized and more organizations are demanding cyber insurance, carriers have begun to step back from offering coverage.
As insurers examine their own security strategies, they are also trying to determine how to administer cyber insurance policies without incurring losses, says Kalinich. Since this is a new area for insurers, the industry is working to figure out which areas of cyber security warrant the greatest scrutiny from underwriters.
On a positive note, the highly regulated nature of financial services organizations has proved an asset to their security strategies. Whereas executives in other businesses often don’t recognize the necessity of risk management, Kalinich says, insurers and other financial companies are accustomed to paying great attention to security mandates.
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio