Insurance Companies Pushing for More Cybersecurity
This is a good development:
For years, said Ms Khudari, Kiln and many other syndicates had offered cover for data breaches, to help companies recover if attackers penetrated networks and stole customer information.
Now, she said, the same firms were seeking multi-million pound policies to help them rebuild if their computers and power-generation networks were damaged in a cyber-attack.
“They are all worried about their reliance on computer systems and how they can offset that with insurance,” she said.
Any company that applies for cover has to let experts employed by Kiln and other underwriters look over their systems to see if they are doing enough to keep intruders out.
Assessors look at the steps firms take to keep attackers away, how they ensure software is kept up to date and how they oversee networks of hardware that can span regions or entire countries.
Unfortunately, said Ms Khudari, after such checks were carried out, the majority of applicants were turned away because their cyber-defences were lacking.
Insurance is an excellent pressure point to influence security.
PonyAdvocate • March 12, 2014 12:50 PM
It used to be that insurance companies had some of the finest engineering staffs of any businesses. One of the responsibilities of these engineers was to inspect the operations of insured clients, to make sure they were running as safely as possible (not out of benevolence, of course, but with a view towards minimizing claims the insurer paid). I have for years thought that a liability insurance requirement would be the most effective way to police businesses that are tempted to cut corners when it comes to operating safely, and not just with regard to cybersecurity: Any enterprise whose activities have the potential to cause harm should be required to carry adequate liability insurance from an independent carrier (no self-insurance of any kind allowed). If an enterprise fails to do so, some significant percentage of its top employees should be subject to lengthy sentences in maximum security prisons and ruinous fines to be paid from their personal assets.