Insurance against data loss has developed rapidly to protect organizations from the economic consequences of a data breach. Insurance companies have broadened their coverage to include not only the cost of notifying and monitoring affected persons, but also costs such as crisis response, legal guidance, and forensics.
But insurance isn’t enough – Cyber insurance policies also provide access to Risk Management services that help insureds avoid breaches. These services are typically educational in nature, providing insureds with training, reference material, and planning tools to help reduce the chance of a breach. Some even provide tools such as penetration testing and loss estimate calculators. For the mid-sized and smaller organization, these tools can be valuable in the fight against Cyber breach.
However, more can be done, as described in this year’s Cyber/Privacy Insurance Market Survey published in The Betterley Report (www.betterley.com).
Some insurers are now offering even broader services to help avoid breaches. Active Defense (products and services that independently protect organizations against breach) is now edging its way into the services a Cyber policy can provide. It is similar to the use of sprinklers to protect buildings against a fire – and property insurers against a claim. Active Defense can help organizations defend against breaches even when people err.
Insurers are also offering more personal services to help their insureds. These are in the form of staffed helplines to help an insured cope with its data security challenges. These go beyond the traditional Risk Management educational tools by giving access to an expert that can answer questions and direct insureds to additional resources. Although not a replacement for a Chief Information Security Officer, it is helpful to the organization that is too small to employ a CISO.
Why are these services noteworthy? They give insureds more direct assistance in the battle against data breach – a benefit that will be particularly important as more insureds come from the mid-sized and smaller organizational sector of our economy.