In today’s cybersecurity market, there has been an advancement in cybersecurity products. The products are planned to assist large, medium and small corporations and businesses from cybersecurity breaches. The breaches have increased over the years and these corporations and businesses need capital fast in order to recover and to get back to making a profit. In order to make a profit in this new offering of providing cybersecurity insurance it ultimately comes down to cyber risk management and putting a price on those risks, much in the same way that property insurance analyzes the various risks and its costs by way of using actuaries, and underwriters. Therefore, the demand for cyber insurance has increased significantly based on risk awareness and the monetary cost of surviving a huge breach. However, the field in assessing cybersecurity by deploying cybersecurity insurance is relatively new. The market for cybersecurity insurance is relatively new. Cybersecurity insurance products are also expected to grow over the next few years and gradually become very profitable. However, as it grows and profits are made, it is also safe to assume that some cybersecurity issues and incidents will not be covered. Many organizations are currently being established to regulate this new market. An active governing body such as the National Association of Insurance Companies(NAIC), and The United States National Institute of Standards and Technology(NIST) needs to mandate certain controls in which to make corporations, companies and businesses adhere to certain parameters such as assessments and audits. This is much in the same way property assessments occur in the traditional insurance market prior to signing an active liability insurance policy for protection. As corporations, companies and businesses start to seek these new type of cybersecurity products, the industry has stated that securing a cybersecurity insurance liability policy will not be such a simple task. The insurance companies that start to offer these new insurance policy products would base their coverage on many tested risk-management strategies that would be applied to corporations, companies and businesses to protect their enterprise network and its assets. The insurance companies will ultimately need the businesses’ disaster response plan. The insurance companies would then evaluate it with respect to the business’ risk management of networks, websites, physical assets and intellectual property. The insurance companies would also be interested in how these corporations’, companies’ and businesses’ employees are able to access their specified data systems. In summary of requirements needed prior to signing a policy, the insurance company will also want to know if antivirus, anti-malware software is deployed and the assessment of performance of their firewalls. Redport’s CEO Steve Reinkemeyer said “Some insurers are taking big risks by issuing Cyber Insurance Policies without requiring any specific systems security efforts from their clients.  Something as simple as a checklist requiring up to date software, firewalls and anti-virus solutions would be better than not having any requirements to get a Cyber Insurance Policy. Ideally, moderate security baseline controls should be implemented and verified by the insurers before taking on the high risk customers many are now insuring.”  As mentioned above, new governing bodies would then need the base standards in which these systems can be evaluated based on established assessments and audits. All of these factors need to be considered and calculated by data analytics and probability statistics before the field of cybersecurity liability insurance can take hold and protect corporations, companies and businesses bottom line and their profits. By Dr. Randall SylvertoothSource: http://www.naic.org/cipr_topics/topic_cyber_risk.htm

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA