Cyber Insurance: Analysing The Increasing Requirement In Modern Corporations

Cyber Insurance and Modern Corporations

Make 1250 to 1500 word assignment on topic "cyber insurnce ".

Cyber Insurance is defined as insurance policy which cover first and third party losses that are caused due to malfunction of information technology systems or computer-based attacks. Cyber Insurance policies mitigate the risk face by people and corporations from cyber-attacks or malfunctioning of information technology systems (Romanosky et al., 2017). In recent years, cyber insurance policies cover a large variety of information technology losses such as errors, extortion, data destruction, hacking, defamation and many others. The popularity of cyber insurance is continuously growing along with the risk of cyber-attacks. The number of cyber-attacks has grown substantially in past decade, and many corporations have suffered significant financial losses. Therefore, the role of cyber insurance in the protection of individual and companies has increased along with the number of corporations that provide this facility. This report will focus on analysing cyber insurance and reason for its increasing requirement in modern corporations. The report will discuss various types of cyber insurance and their use in modern companies. Further, the advantages and shortcomings of modern cyber insurance policies will be discussed and recommendation will be given in the report to address its issue

Cyber Insurance is referred to insurance for various cyber risks and liabilities which help corporations in mitigating risk exposure by offsetting expenses involved that recover company’s data in case of cyber-related security breaches or other attacks. As per the research of PwC, more than one-third of US-based corporations purchase some type of cyber insurance to mitigate the risk of cyber-attacks (Lindros and Tittel, 2016). PwC study provided that by 2020, the market for cyber insurance will worth more than US$7.5 billion (PwC, 2016). A large number of popular insurance companies provide the facility of cyber insurance such as Travelers, Allianz, and Chubb Philadelphia.

In today’s competitive world, almost every business is dependent on online data that is crucial for their development and use of public domain increase the potential threats of fines, interruption, and compensation (Zhao, Xue and Whinston, 2013). With the growing threat of cyber-attacks, corporations prefer to choose cyber insurance option since it protects company’s data and servers from first and third party attacks. In Australia, CFC dealt with 400 claims in 2016 in which 20 percent were related to electronic crimes and more than one third were data breaches (Ismail, 2017). Following are the threats face by modern companies which increases the requirement of cyber insurance.

• Hacking
• Denial of service attacks
• Electronic commerce
• Viruses
• Malware
• Internet services
• Online data breach
• Infringement of Intellectual property
• Errors and Omissions

Types of Cyber Insurance Policies

With the growing popularity of Internet-based services and social media sites, the risks face by modern companies have grown as well. Organisations face a number of issues (as discussed above) while operating their businesses. Following are some example of cyber insurance policies that protect companies from different types of cyber risks.

Cyber Security Insurance - It is also called Crisis Management Expense Insurance and Privacy Notification Insurance, and it covers first-party damages face by companies. The insurance deals with various costs faced by corporations after cybersecurity breaches such as hiring of public relation agent, hiring of forensics expert, notification charges, monitoring costs and others (Elmaghraby and Losavio, 2014).

Extortion - It reimburses various expenses relating to the investigation in cyber-attacks or payment to extortionists who threaten to release sensitive data.

Hacksurance - It protects companies from hacking and various other cyber-attacks.

Technology Errors and Omissions Insurance - It is also known as Professional Liability or E&O and it over companies that sell technology products and services. It covers any negligence claim of the client that is caused due to an employee’s omission or machine error.

The main benefit of cyber insurance is that it protects corporations from various internet related liabilities, save company’s online data and reimburses various expenses. Following are some example of how cyber insurance is beneficial for modern corporations.

1. Protection from Data Loss: Modern companies store online data which include sensitive information about customers, employees, and The firm can be held liable for protected health information (PHI) or personally identifiable information (PII). A cyber insurance policy protects companies from liability in case any breach occurred in company’s database.
2. Error and Omissions: A cyber insurance policy covers errors or omissions claims that cause while the company provides its services like software, consultancy, architects, engineers, and others (Bandyopadhyay and Mookerjee, 2017).
3. Lost Devices: Organisations deal with a large number of electronic devices such as laptops or smartphones that often leave office premises and may be stolen or compromised. In case of breach, cyber insurance policy protects unauthorised access to devices and protects the confidential information. A cost of laptop or smartphone can be more since it includes legal charges, investigation and various other costs (Adeleke, Ibiwoye and Olowokudejo, 2012).
4. Forensics: In case of data breach or cyber-attack, computer forensics teams analyses the situation which is considerably expensive for corporations. A cyber insurance policy reimburses the forensics expenses, and it also provides coverage for potential business loss or other expenses.
5. Media Liability: The injury claims cause due to infringement of copyrights, intellectual property, trademark, and Due to the popularity of social media sites and internet services, modern corporations face various issues relating to media infringement, and cyber insurance protects companies from damage claims.
6. Notification Requirements: It is mandatory by law for a company to notify customers of a breach which can be significantly expensive for companies. A cyber insurance corporation provides the facility of counseling and reimburses the costs related to the issue (Pal et al., 2014).

Following are shortcomings in cyber insurance policies that negatively affect a company.

1. Limits on Coverage: One cyber insurance policy does not cover entire liabilities, and one policy might cover one type of loss and not another. For example, a policy might not cover third-party damages, such as unauthorised access or damage caused due to another party, which increase the cost of the corporation even when it has a cyber-insurance policy (Kam, 2012).
2. Loss of Data: If the company fails to update its security patches, firewalls, and antivirus system and if the corporation did not have a backup of its data, then such data is gone, and cyber insurance cannot protect such data.
3. Limit of Choice: There are fewer choices available for companies when it comes to cyber insurance policies. Many enterprises prefer to use providers that they have an existing relationship with, but they might not provide an appropriate policy which protects corporations from cyber-attacks (Yang and Lui, 2012).

Following recommendations can assist corporations in selecting right cyber insurance policy which protects them from cyber-attacks.

• Different corporations should identify their unique cybersecurity risks and select a policy to cover such threats. For example, bank and retailers should buy different cyber insurance policy to protect different risks (Nocera, 2014).
• The companies should evaluate their existing policy to ensure that it covers different risks such as first and third party claims.
• The firms should focus on basics while purchasing a cyber-insurance policy to ensure that it covers the threats faced by the enterprise. Many corporations buy policies which they do not require, and they increase their expenses (Fouche, 2016).
• The corporations should consider the interest of each stakeholder while purchasing a cyber-insurance policy to ensure that it protects their interest.
• The companies should invest in data backup software to ensure that their data is secured even after a breach because cyber insurance policy cannot recover lost data.

Conclusion

Conclusively, the role of cyber insurance has grown substantially in modern corporations because the use of internet and online based services has increased as well. Cyber insurance policies protect companies from various threats such as hacking, malware, virus, denial of service attack, infringement of intellectual property and others. There are various benefits of cyber insurance such as protection from loss of data and devices, reimbursement of costs such as forensics, media liability, error and omission liability and others. The shorting comings of cyber insurance include limits on coverage, lack of choice, and loss of data. While selecting a cyber-insurance policy, the companies should identify their unique risks, evaluate existing policies, consider the interest of each stakeholder, and invest in data backup application to take full advantage of the service. Modern companies should purchase a cyber-insurance policy which is suitable for their business in order to ensure that they are protected against various cyber-attacks which sustain their future growth.

References

Adeleke, I., Ibiwoye, A. and Olowokudejo, F. (2012) Cyber risk exposure and prospects for cyber insurance. International Journal of Management and Business Research, 1(4), pp.221-230.

Bandyopadhyay, T. and Mookerjee, V. (2017) A model to analyze the challenge of using cyber insurance. Information Systems Frontiers, pp.1-25.

Elmaghraby, A.S. and Losavio, M.M., 2014. Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of advanced research, 5(4), pp.491-497.

Fouche, L. (2016) Understand your cyber risks before selecting cyber insurance. [Online] LinkedIn. Available at https://www.linkedin.com/pulse/understand-your-cyber-risks-before-selecting-insurance-leon-fouche [Accessed 18^th January 2018].

Ismail, N. (2017) Cyber insurance – a growing requirement?. [Online] Information age. Available at https://www.information-age.com/cyber-insurance-growing-requirement-123465018/ [Accessed 18^th January 2018].

Kam, R. (2012) The Benefits and Limitations of Cyberinsurance. [Online] Risk Management Monitor. Available at https://www.riskmanagementmonitor.com/the-benefits-and-limitations-of-cyberinsurance/ [Accessed 18^th January 2018].

Lindros, K. and Tittel, E. (2016) What is cyber insurance and why you need it. [Online] CIO. Available at https://www.cio.com/article/3065655/cyber-attacks-espionage/what-is-cyber-insurance-and-why-you-need-it.html [Accessed 18^th January 2018].

Nocera, J. (2014) How cyber insurance can help you better manage security risks. [Online] PwC. Available at https://usblogs.pwc.com/cybersecurity/how-cyber-insurance-can-help-you-better-manage-security-risks/ [Accessed 18^th January 2018].

Pal, R., Golubchik, L., Psounis, K. and Hui, P. (2014) Will cyber-insurance improve network security? A market analysis. In INFOCOM, 2014 Proceedings IEEE (pp. 235-243). IEEE.

PwC. (2016) Insurance 2020 & beyond: Reaping the dividends of cyber resilience. [Online] PwC. Available at https://www.pwc.com/gx/en/industries/financial-services/publications/insurance-2020-cyber.html [Accessed 18^th January 2018].

Romanosky, S., Ablon, L., Kuehn, A. and Jones, T. (2017) Content Analysis of Cyber Insurance Policies: How do carriers write policies and price cyber risk?.[Online] FTC. Available at: https://www.ftc.gov/system/files/documents/public_comments/2017/10/00012-141437.pdf [Accessed 18^th January 2018].

Yang, Z. and Lui, J.C. (2012) Security adoption in heterogeneous networks: the influence of cyber-insurance market. In International Conference on Research in Networking (pp. 172-183). Springer, Berlin, Heidelberg.

Zhao, X., Xue, L. and Whinston, A.B. (2013) Managing interdependent information security risks: Cyberinsurance, managed security services, and risk pooling arrangements. Journal of Management Information Systems, 30(1), pp.123-152.