Cyber Insurance - What you need to know

Post on 14-Apr-2017




<ul><li><p>1) Story of Lloyd's and Beginning of Insurance: </p><p>2) Sample of Cyber Insurance Policy and Annual Premium: </p><p>3) PR Newswire News Report on Ponemon Institute Data Breach Study: </p><p>12100 Sunrise Valley Dr. Suite 290-1 Reston, VA 20191</p><p>We're a long way from the 1600s, when insurance began. The first form of insurance started when marine merchants pooled their money to cover themselves in case sea-borne merchandise was lost en route.(1) Now, with the rise of cybercrime, organizations have begun protecting themselves in a similar manner by investing in cyber insurance. </p><p>There are good reasons to have cyber insurance. For example, it can cover your expenses in the event of a data breach: paying forensics experts to find and fix the reasons behind the breach, notifying all customers impacted by the breach, providing credit monitoring services for the victims, etc. </p><p>Two questions frequently arise when a company looks into cyber insurance: 1. What type of insurance policy does my company need to pay for? And, 2. How can we make our company as attractive as possible to a cyber insurer, and therefore get the best rates? The answers to these questions vary depending on the nature of your business, but this paper will provide some solutions.</p><p>Many cyber insurance companies have baseline information indicating what type of policy and annual premium an organization should purchase.(2) Unfortunately, these baselines do not usually meet the actual coverage an organization needs. </p><p>According to the recent Ponemon Institute Data Breach Study, the average cost of a data breach was $3.8 million, approximately $200 per record.(3) For example, if a small health care organization has 100,000 patient health care records, at a $200 cost per lost record, the cost of a breach to that organization would be $20 million. 
An annual premium for a $20 million policy could be $500,000, and some organizations, such as the small company in our example, cannot afford the annual premiums for a policy that realistically meets their needs. </p></li><li><p>COPYRIGHT 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS</p><p>The good news is that cyber insurance is a relatively new and growing business. This is good news because, as more organizations buy cyber insurance, premium costs will come down, allowing for investment in larger policies (assuming a non-problematic breach rate). </p><p>"But how much cyber insurance should our company get?" our clients frequently ask their VIMRO security team. As a starting point, our reply to this question is usually another question: "Has your organization gone through an exercise to determine the cost of data theft and the loss of availability to your critical data?" </p><p>If your organization has performed an analysis identifying the value of your data and the cost of data loss, you have a good start on determining how much insurance you may need. If an organization has not done this analysis, then we usually recommend this exercise as a first step. </p><p>This then leads us to the importance of demonstrating to an insurance company that your organization is a good investment, i.e., that you have sound security controls in place to reduce your risk of a breach. </p><p>Some insurance companies will conduct a security assessment on a potential client before allowing the company to purchase cyber insurance. 
Then, for those organizations with stronger security controls already implemented, the insurance company can set lower annual premiums for the policy that best suits the client's needs.</p><p>Frequently, VIMRO finds a carefully followed security framework already functioning at organizations that are able to demonstrate strong security controls (and are therefore attractive clients). Some common frameworks used by our clients are ISO 27001, COBIT, and the NIST Cybersecurity Framework. These security frameworks allow an organization to focus on the critical controls necessary to prevent, detect, and respond to a threat.</p><p>(800) 272 0019</p><p>Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL</p></li><li><p>For example, the NIST Cybersecurity Framework contains the following control categories:</p><p>With these two critical items in place, 1) an estimate of a data breach's cost to your organization, and 2) ongoing management of a reputable security framework, your organization is prepared to work with your cyber insurance provider to get the best policy at the best price!</p><p>Contact VIMRO now to explore how we can help you prepare for your cyber insurance needs. </p><p>Authored by VIMRO's Cybersecurity Leaders</p></li></ul>