Cyber-insurance and Emerging Market Pressures for Security
Not many organizations have cyber insurance but the risks of data loss and the increasing costs of major data breaches, like TJX's, may increase the incentives to pay someone else to assume some of the risk. The report by SearchSecurity that insurer Chubb Corp. is offering discounts to customers that use penetration testing is a promising sign for a couple of reasons.
First, security professionals can point to concrete bottom line savings in insurance costs for using a particular countermeasure. This will eventually make it easier to justify and get these tools. It will also help get a better accounting of the risks that IT brings to an organization.
"The servers and full time resources of IT are on the balance sheet but risk may not be on the balance sheet of some firms yet," [Dan] Blum [of the Burton Group] said. "Once we do a better job of risk assessments, there will be more opportunities for insuring the value that we track."
Second, it shows the insurers are getting better at estimating costs and risk factors. Life insurance costs less for non-smokers, why not reduce the cost of cyber insurance for those that use best practices.
The cyber insurance market is relatively immature but it is starting to look like it is getting its sea legs.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
