Not only does cyber insurance serve as a pivotal tool for mitigating cyber risks on the back end, it can also lead to better cybersecurity practices, helping identify and prevent a cyber-attack before the damage is done. To qualify for cyber insurance, a company must often meet very specific requirements, including advanced firewalls, a cyber-incident response plan, malware protection, patch management and multi-factor login authentication. In fact, the UK has already created the UK Government’s Cyber Essentials, under which businesses immediately qualify for cyber insurance once a list of specific cybersecurity measures is met.
As one of the fastest-growing types of insurance in the market, cyber insurance is certainly becoming a necessity. Richard Pharro, CEO of APMG, explains how damaging cyber-attacks can be to a company: “Plainly, prevention is better than cure, but the reality of the situation is that however well protected your business is, it will likely suffer a cyber-related breach at least once in its lifetime. The events of the past year in particular have shown how large-scale breaches can have had a marked impact on a company’s reputation, on their balance sheet, and on general operations thereafter.” On the other hand, many claim cyber insurance can be a sham if the broker encourages one to purchase insurance but rejects the claim once a breach occurs due to poor cybersecurity practices or losses not included in the original policy. As insurance companies develop proper ways to gauge cyber risk, policies will be molded to a particular company and its needs.