Cyber Insurance is NOT a Substitute for Cybersecurity

COVID-19 related cyberattacks have proliferated since the beginning of the year 2020. With millions of people working from home in the wake of the Corona virus pandemic, the gaps in the cybersecurity ecosystem have become apparent.

Cyber criminals and nation-state actors have been presented with an exponential growth in access points to penetrate the corporate systems, and this leaves many organizations vulnerable to cyberattack. Employees as well as organisations consider themselves too trivial a target until they finally fall prey to an attack.

Cyber insurance should NOT be considered as a substitute for cybersecurity

The advancement in technology such as artificial intelligence (AI), machine learning (ML) etc. are helping organizations grow, however these are the same technologies being adapted by hackers to launch well planned and sophisticated cyberattacks. This has created a huge demand for cyber insurance that protects a business or organisation against the costs associated with data breaches.

What Does a Cyber Insurance Cover?

Cyber insurance generally covers your business’ liability for electronic data breach involving sensitive information regarding your customers or employees. In addition, it provides cover against loss or damage to multimedia and media liability, extortion liability, network security liability, regulatory proceedings etc.

What it Does Not (Or Cannot) Cover?

The various covers under cyber insurance can provide a shield against the financial losses only up to a certain extent. However, what it cannot cover is the reputation loss, no matter how fat the insurance policy is.

Although, some policies cover costs you incur for marketing and public relations to protect your company’s reputation following a cyberattack or a data breach, it’s difficult to predict the cost of crisis management and hence getting yourself insured against such losses is not easy. It’s also a time consuming process, which can hamper your business growth in the interim.

Read more: Cyber Watch: Increase in Cyber-Crimes Amongst Corporations Amidst Covid-19

Thus, cyber insurance should NOT be considered as a substitute for cybersecurity. In fact, ‘bad security policies’ is one of the general exclusions in cyber insurance. Organisations are mandated to implement proper cybersecurity measures and adhere to strict policies or otherwise the claim can be rejected by the insurance company.

Can Cyber Insurance Help to Improve Cybersecurity?

Not directly, but as mentioned above, it can have an indirect impact as the insurance company would demand that an organisation has assessed its vulnerability to cyberattacks and has implemented the best practices to protect themselves against cyberattacks. The insurance provider may decide to then curate a package for the organisation by means of more coverage at lower premiums for following the best practices in cybersecurity.

Proactive Cybersecurity is the Need of the Hour

Larger cyber-attacks generally garner a lot of media attention but, small and medium sized organisations are also being targeted almost as frequently as their larger counterparts. SMEs consider cybersecurity as an afterthought, making them an easy target for cyber criminals.

Read more: Synergy Enters Indian Insurtech Market with Automation and Cybersecurity Solutions for Domestic Players

However, COVID-19 has woken up the SMEs from their cybersecurity slumber. The rise in cyberattacks during the pandemic has caused a change in attitude and now, large enterprises as well as SMEs are becoming much more concerned about cybersecurity than before.

As more and more companies start seeing remote work as a new normal, proactive cybersecurity has become the need of the hour. The organisations that haven’t yet realised the gravity of the situation and are still not putting a cybersecurity policy in place, will become soft targets for hackers sooner or later.

Summary

Cyber insurance is NOT a substitute for cybersecurity. One can count on cyber insurance to recover the financial losses up to a certain extent but the damage to the reputation out of a cyberattack is almost irreversible. Thus, it is imperative for all organisations, irrespective of their size to have end-to-end cybersecurity measures in place coupled with a comprehensive cyber insurance policy.

Guest contributor Neelesh Kripalani is the Sr. VP & Head- Center of Excellence at Clover Infotech, one of the top managed IT services and consulting companies in India. Any opinions expressed in this article are strictly that of the author.