Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Technology

47% of Organizations Have Cyber Insurance, Up From 34% in 2017: Study (zdnet.com) 28

Cyberattacks are now considered by most execs to be the top business concern, far outranking economic uncertainty, brand damage, and regulation, according to a survey by insurance consultancy Marsh and tech giant Microsoft. From a report: The global survey of over 1,500 business leaders illustrates the rapid change in business leaders' perceived risks to their organizations and shows that having a cyber insurance policy is now more common than two years ago. In 2017, Marsh and Microsoft found that 62% of respondents saw cyberattacks as a top-five risk, whereas this year 79% do. The share of respondents who see cyber attacks as the number one risk has also risen from 6% to 22% over two years. This year, the second most widely considered top-five risk is economic uncertainty, followed by brand damage, regulation, and loss of key personnel. [...] According to Marsh and Microsoft's survey, 47% of organizations have cyber insurance [PDF], up from 34% in 2017. Additionally, 57% of large firms with annual revenues of over $1bn report having cyber insurance compared with 36% of organizations with revenues below $100m. Nearly all respondents, totaling 89%, are confident their cyber insurance policy would cover the cost of a cyber event.
This discussion has been archived. No new comments can be posted.

47% of Organizations Have Cyber Insurance, Up From 34% in 2017: Study

Comments Filter:
  • Please please please make this insurance a requirement so that I can go about my business in the same way that doctors and auto insurance does. Dude, can you IMAGINE what it'd be like to be an "IT guy" but where people HAD to pay you through an insurance program that sets the prices 10 times what they are now?

  • These numbers are the kind of thing that would make a cynical person start to ask if the companies offering cyber insurance have contributed to the increase in cyber crime. From a pure profit perspective how could they ignore the opportunities that would arise from perhaps hiring black hats to increase their attacks? Not that I'm a cynical person at all...
    • These numbers are the kind of thing that would make a cynical person start to ask if the companies offering cyber insurance have contributed to the increase in cyber crime. From a pure profit perspective how could they ignore the opportunities that would arise from perhaps hiring black hats to increase their attacks? Not that I'm a cynical person at all...

      Same conspiracy notion that Norton Antivirus was the actual source of new viruses back in the '90s.

      Why hire black hats? That would be risky. Hire grey hats who don't give a flying shit about black or white.

      But I doubt that high profile companies are going to employ tactics that can ruin their business and send them to jail. Disgruntled workers and all ...

      • by Dugnuts ( 869409 )
        Come on, as if businesses don't have clandestine ways to hide money. Oh you had a $15000 lunch meeting? Oh well that's completely reasonable...
      • Which makes sense... both ways.

        So it's not unrealistic at all.

        Of course the most profitable company would focus on the kind of hacks that don't involve them actually paying, but involves people thinking they do.

        So we have a hypotesis for measuring likeliness of them doing it themselves:
        The total amount of damage of hacks of clients of an insurer ... VS the amount they had to pay out.
        Next step: Make sure to exclude other reasons.

        • by Dugnuts ( 869409 )
          Obviously they don't target their own clients, that's ridiculous. Why do that when there are so many companies out there who don't have insurance yet? ;)
          • * To get the premiums up and rebates for good behavior down.
            * To upsell them.
            * To keep them from ending an unnecessary money sink in the face of their own competition.

            In face, you can either do it, or lose to your competition that does, get bought, and be made to do it anyway. Your choice.
            Isn't the "free" market great?

  • My workplace decided to opt for it. It's not terribly expensive and we have a $1MM policy that doesn't mandate we jump through a bunch of IT infrastructure requirements hoops. Although for larger companies that $1MM could be eaten up quickly.

    For example, say you have a data breach where only customer identifying details like mailing address, phone number, and e-mail address are compromised. You'd still likely be required to purchase a year's worth of identity monitoring for all customers. Say that's $100/ye

  • This isn't really a good thing because it tells every criminal that ransomware WILL be highly profitable. This strategy may backfire as business specific ransomware may begin demanding significantly more money as they know the insurer will be forced to pay. The only way this could be any good is if there are strict security requirements in order for the businesses to be covered.

    • Have you ever noticed the "UL Listed" or "UL Registered" marks on electrical products. Major retailers won't carry products that don't meet UL fire and safety standards, it's pretty much required in order to sell any product outside of eBay and Amazon fakes.

      UL stands for Underwriters Laboratories. Underwriters as in insurance companies. Yep, that's an insurance company mark. By setting standards, the insurance company established standards for fire safety and electrical safety that virtually every manuf

  • There is one serious problem with growing popularity of cyber insurances. Usually, cyber-insurance companies encourage their ransomware victims to pay for decryption keys, because it is the cheapest option for them (at least, in the short-term). However, that makes file-locking malware attacks much worse in the long run.

    https://www.zdnet.com/article/... [zdnet.com]

  • Ah, insurance. The unexpected final doom of Microsoft! Insurers will require Linux in order to get the lowest rates. Even stupid people can understand that.

  • These policies are getting very common, but companies have already run into issues. For instance, some policies are refusing to pay for incidents that are believed to be the result of a nation-state sponsored event. They are invoking the "Acts of War" exclusions in their policies: https://www.schneier.com/blog/... [schneier.com]
    • With all the ransomware attacks I think you are going to see lots of insurance companies require that you implement something like the Center for Internet Security top six as a minimum for insurance payment.
      Going by something like CIS 6 gives firms a standard that has to be followed and insurance investigators can verify that they are being followed.
      • by EvilSS ( 557649 )
        A lot of them have requirements for a baseline security model. They are really meant to cover unexpected gaps and zero-day type breaches. They will fight you if it's gross negligence that caused the breach.
  • An word that stopped being cool at the beginning of the 2000s; is a clear sign of people who print out their e-mails; and can be removed wherever it occurs, without changing the meaning in the slightest.

    _ _ _ _
    (Subject altered to circumvent:
    Lameness filter encountered.
    Your comment violated the "postersubj" compression filter. Try less whitespace and/or less repetition in the subject line.)

"Gotcha, you snot-necked weenies!" -- Post Bros. Comics

Working...