In observance of National Insurance Awareness Day, I thought I’d discuss cybersecurity insurance. I have mentioned it in a few previous posts and thought this would be the perfect opportunity to delve deeper on it. The US Federal Trade Commission (FTC) has an entire page devoted to it. Many organizations cannot afford cybersecurity insurance, but in time it is likely to become an essential part of doing business.
Multiple online sources state the first cybersecurity insurance policies were written in 1997. That is well before most of us were online. These early policies “covered only third party suits arising from breaches originating from outside the company” according to an Insurance Journal article. Now, policies have first-party and third-party coverage. This is a great improvement for organizations who suffer from a cyber attack. The first-person coverage makes direct payments to the organization hit by the incident to cover things like damaged equipment. The third-party coverage helps pay for things like damage to customers. Many organizations carry both types of policies while others manage to function well with just one. As with determining what firewall or network to use, deciding on a policy depends on what an organization does and how they do it.
Security.org has a webpage with statistics on cybersecurity insurance. Here are some of the interesting numbers they have posted there.
Forecasts suggest that cyber insurance will grow into a $20 billion industry by 2025.
In 2018, 75 percent of cyber insurance premiums in the United States were for businesses. Only the remaining 25 percent, worth $500 million, were for individuals.
Cyber insurance covers a wide variety of cyberattacks, but statistics show that most cyber insurance claims from businesses relate to breaches.
A 2020 study showed that 73 percent of insurance claims between 2013 and 2019 fell under the insuring clause of incident response and crisis management of breaches.
The Security.org webpage points out that one quarter of cybersecurity insurance policies are now held by individuals. That is a sign of the times. Some individuals are now facing so much liability from cybersecurity incidents that they are willing to pay for insurance to help offset the expense.
Insurance Journal article: https://www.insurancejournal.com/magazines/mag-features/2014/09/22/340633.htm
Sercurity.org: https://www.security.org/insurance/cyber/statistics/
Comentários