This sector of the insurance industry is doing great business but policyholders may not know what they need.
Businesses are very aware that they need protection against data breaches, but cyber insurance confusion is causing notable problems. Companies know they need coverage but don’t necessarily know precisely what that coverage should include.
This is a very complex market, which makes it difficult to determine what coverage is needed.
The cyber insurance confusion isn't limited to buying a policy. Even assessing the damage following a major data breach can be highly challenging, because it isn't just a matter of finding physical damage. In this case, there are factors that are much more difficult to measure, such as reputation damage, among others.
As this is difficult enough after the fact, it is even harder to try to predict what will be needed in advance. Every type of cyber attack is different. The nature of the attack and the extent and form of access gained both largely determine its impact.
Therefore, cyber insurance confusion is nearly inevitable while attacks and coverage remain this complex.
Once a company has cyber insurance coverage, it can also be challenging to know exactly how to file a claim. Actually recouping money from these policies can become problematic, not necessarily because of the policies but because of the complexity of the issue itself. Understanding who is to blame, what effect the damage has had and many other factors only make things tougher.
Often, companies receive only a fraction of their full coverage from their payouts. The reason is that the companies frequently don't know they are required to take certain steps to ensure full protection. For instance, if encryption was not implemented on all the applications affected by a data breach, coverage will be reduced.
That said, as much as encryption makes sense in many instances, there are situations where it isn’t possible to implement. For instance, if encryption were to be placed on all ATM apps, customers wouldn’t be able to access their accounts.
SANS analyst Barbara Filkins created a report titled “Bridging the Insurance/InfoSec Gap: The SANS 2016 Cyber Insurance Survey.” In it, Filkins showed that cyber insurance confusion causes 4 main gaps. These gaps are: technology, assessment, communication and investment.