Cybersecurity insurance transfers some of the financial risk of a security breach to the insurer. But it doesn’t do a good job of covering the reputation damage and business downturn that can be triggered by a security breach.

Cybersecurity insurance does mitigate some financial damage should you suffer an attack, but it’s not a complete solution. Here are five things CIOs need to know.

1. It’s a risk-management strategy. Cybersecurity insurance transfers some of the financial risk of a security breach to the insurer. First-party insurance typically covers damage to digital assets, business interruptions and, sometimes, reputational harm. Third-party insurance covers liability and the costs of forensic investigations, customer notification, credit monitoring, public relations, legal defense, compensation and regulatory fines. Cyberthreats are so broad that the cost of protecting against them all would be prohibitive. The best approach is to identify and secure the company’s digital crown jewels, then quantify and insure the remaining risk, says Daljitt Barn, director of cybersecurity at PricewaterhouseCoopers.

2. American and European markets differ. The cybersecurity insurance market is more mature in the U.S. than in the E.U., primarily because of U.S. states’ mandatory data-breach-notification laws. Third-party insurance is more common in the U.S., and first-party is more popular in Europe, but that may change if the E.U. starts requiring breach notifications, Barn says. The U.S. market is growing about 30 percent per year, says Richard Betterley, president of Betterley Risk Consultants. Some surveys estimate that 30 percent of large U.S. companies have cybersecurity insurance, but among companies of all sizes, Betterley says, the number is probably under 10 percent.

3. Clear wording is essential. Before you buy, investigate what risks are covered by existing insurance packages, because there may be overlaps with a cyber insurance policy.
“Make sure the cyber policy wording covers your true cyber exposure,” Barn says. “Challenge your corporate insurance broker to find a policy that provides a multifaceted response, including legal, PR, notification, forensics and cyber incident response.”

4. Coverage is inadequate in some areas. Cybersecurity insurance doesn’t do a good job of covering intellectual property theft or the reputational damage and business downturn that can be caused by a security breach, Betterley says. Meanwhile, the industry is debating whether state-sponsored cyberattacks, to the extent they can be identified as such, are covered by cybersecurity insurance policies.

5. There’s room for improvement. Ideally cybersecurity insurance should encourage companies to improve security so they can negotiate lower premiums. However, insurers don’t have enough actuarial data to adjust premiums based on what security controls and products are most effective, says Andrew Braunberg, research director at NSS Labs.