Cyber Security Insurance Market - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity

Cyber Security Insurance Market

Cross-industry standards could spur more affordable cyber security insurance.

Download the entire May issue of InformationWeek Government, distributed in an all-digital format (registration required).

One big question hangs over the NIST Framework for Improving Critical Infrastructure Cybersecurity: Will the operators of the nation's critical infrastructure use it?

The voluntary recommendations reflect industry's best cyber security practices, but self-interest and prudent risk management may not be enough to compel critical-infrastructure owners to adopt the framework. One incentive would be if compliance with the framework makes it easier and cheaper for companies to get insurance to cover cyber security incidents.

Various insurance industry sources estimate that cyber security insurance generates annual revenues of $1 billion to $2 billion -- most of it in the US. Double-digit growth is expected in coming years. But business requirements and government regulations, not insurance requirements, still are driving cyber security investments, says Thomas Reagan of the Beazley Group, which has been underwriting cyber security insurance policies since 2000. Beazley helps clients assess their exposure to cyber security risk, "but there is no bright line that is going to be a guarantee of security," he says. "The risk is going to be what it is."

[Learn more about NIST's cyber-security framework. See Protecting Critical Infrastructure: A New Approach.]

Reagan has seen the market evolve over the past decade. Since the late 2000s, it became apparent that the risk from breaches isn't just in the lost data, but also in the recovery costs, including the costs of forensic and legal assistance, notification, and credit monitoring, as well as crisis management and public relations.

A common framework for evaluating a company's security status could streamline assessments for an insurance policy, Reagan says, and put a strong emphasis on response: "When a breach happens, it's not the end of the road. It's the beginning of another road. Protection is not enough. You have to be ready to respond."

To read more,
download the May issue of InformationWeek Government
distributed in an all-digital format (registration required).


William Jackson is writer with the <a href="" target="_blank">Tech Writers Bureau</A>, with more than 35 years' experience reporting for daily, business and technical publications, including two decades covering information ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
Drew Conry-Murray,
User Rank: Ninja
4/21/2014 | 10:55:43 AM
Target Case
The Target breach might cause other organizations that store highly coveted information like credit cards to consider breach insurance. It seems prudent, along the lines of flood insurance, though I wonder if some organizations feel like it sends the wrong message to the public -- that is, that the company is not only hackable, but willing to pay out insurance premiums in anticipation of a breach.
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Flash Poll