From: BankInfoSecurity.com
Many Are Still Weighing the Value of Coverage
Despite headline-grabbing data breaches that have proven costly to organizations in many sectors, the purchase of cyber-insurance to cover potential costs remains relatively rare.
Cyber-insurance policies vary widely, but they often cover notification expenses, credit-monitoring services, and, in many cases, legal defense costs and even government penalties.
“Cyber-insurance is viewed as much more of a discretionary purchase, and risk managers really have to be educated on the need to purchase the coverage and what the coverage actually provides,” says David Bradford, who published a 2012 survey that addresses cyber-insurance for RIMS, the risk information management society (see Coming of Age of Cyber Insurance).
“So far, that’s been a little bit of a difficult sell for brokers,” Bradford says. “Partially it’s because it’s a new product with brokers as well. A lot of them just don’t really understand the products that well themselves. They don’t do an effective job of indicating the need to the buyers.”
Misperceptions
A 2012 survey of more than 100 global Forbes 2000 corporations by Carnegie Mellon CyLab shows that many board members and executives incorrectly believe that other types of corporate liability insurance cover losses due to data breaches, says lab official Jody Westby.
“That’s pretty stunning because most corporations, especially large global corporations, should understand that cyber-risks generally are not within property and general corporate liability policies,” Westby says.
Leave a Reply