While cyber insurance provides an excellent opportunity to hedge/mitigate cyber risk, it appears that many businesses overwhelmingly overestimate how much protection their insurance offers in the wake of a cyber-attack. During a cybersecurity conference in London this week, Mark Weil, CEO of Marsh UK, said that 50 percent of financial executives Marsh surveyed last year believed their insurance policies would help cover the costs of a cyber-attack. However, when their contracts were analyzed, only 10 percent of the companies surveyed were actually covered. At the conference, Weil explained that this confusion regarding companies’ level of insurance against hackers is yet another sign that the financial sector continues to underestimate the severity of cyber-threats. Regardless, it appears that the interest in cyber insurance is increasing among the financial sector. “We are seeing a growing demand from clients to help them get their arms around the risk of cyber-attack and to get cover from the insurance market,” he said. “In three years, every large firm will have some kind of cyber insurance.”
Furthermore, a TheCityUK report notes that the financial services industry is the “perfect target” for a cyber-attack and recommended more cyber information-sharing as well as tax breaks to bolster cybersecurity investments. John McFarlane, chairman of Barclays and TheCityUK, explained, “[cybercriminals] are the hidden enemy, operating inside our organizations and inside our devices. They are incredibly difficult to detect: None of them has been prosecuted so far.” To help combat cyber-attacks, McFarlane said Barclays goes as far as holding four separate copies of their client data to guard against contamination. When faced with a denial of service attack, Barclays has a procedure to “move its client data to a third party, where it is “cleaned,” before being returned in a usable form.” Clearly, these processes take time, energy and resources, which is why many organizations fail to implement such measures. However, as we see more financial institutions facing the consequences of a cyber-attack, more will realize that the end justifies the means.