Is the move towards cyber insurance hurting cybersecurity? One expert believes so. Carl Leonard, Principal Security Analyst at global cyber security firm Websense, said that “when companies shift their focus to insurance rather than mitigation, they leave themselves open to attack.”
Leonard is worried that companies shifting their focus towards insurance will not be putting themselves in the best position possible to “work dynamically” and “embrace new technologies,” both of which are necessary to stay on top of cybersecurity threats. “Insurance is not going to solve the underlying root problem of being able to understand what threats you are faced with and how best to mitigate those,” said Leonard.
He believes that insurance companies will soon demand that clients prove that they have exhausted all mitigation strategies before filing a claim, arguing, “it might be that when we go into the cyber insurance details that they want some sort of proof that a business has taken the necessary steps for their payout to be valid.”