    Cybersecurity Insurers Are Putting an End to the ‘Pass the Buck’ Era

    By Derek Dowell on July 26, 2021 Data Breach, Security Awareness

    Though plenty of analysts foresaw that 2021 might be a dramatic year when it came to corporate cyberattacks, I think it’s fair to say that even by now it has surpassed our expectations. First there was the SolarWinds breach, and now a massive attack has hit Microsoft Exchange Server, also leading to the release of vast amounts of sensitive data.

    You would have thought that companies like SolarWinds, the US DoD (Department of Defense), and Microsoft would have learned their lesson by now, and that the millions (billions?) of dollars they spend on security each year would have made such breaches a thing of the past or at least less frequent. Not so. Dig a little deeper into the reporting around these breaches, and you’ll see that the companies involved didn’t actually lose much, at least financially, because they were insured.

    Whether that’s a good thing is debatable. For years, security researchers have been pointing out that the rise of cyber insurance might actually be making security worse. By adopting a risk-based security approach, and in the last year by using risk management techniques in remote work, companies have less of an incentive to build genuinely strong defenses.

    That might be about to change, and with it our whole approach to cybersecurity.

    The Insurance Debate

    Even a decade ago, plenty of people were skeptical about the idea of cyber risk insurance. While the risks of cyberattacks were recognized – in terms of financial loss, potential legal action, and reputational damage – some analysts were of the opinion that cyber risks were simply too hard to predict to be accurately insured against.

    These concerns were quietly ignored. In fact, looking back you can see a problematic complicity between companies looking to mitigate their liability, insurance companies looking to increase their premiums, and security firms willing to provide untested defensive systems. In other words, cyber risk insurance managed to remove responsibility for ensuring strong cyber defenses from all three parties.

    The problematic outcome of this system is a classic example of a “moral hazard.” This is a concept that relates to gambling with other people’s money. When this happens, greater levels of risk are taken than when your own money is at stake. A classic moral hazard example is automobile insurance. Once insured, drivers have little incentive to drive more safely as the costs of an accident will be borne by a third party, i.e., the insurer.

    Something similar happened over the past decade with cyber insurance. Instead of building their own secure systems, corporations have come to believe that risk assessment for SaaS companies is a good replacement. Instead of using proven cybersecurity apps and techniques, we’ve “passed the buck” of cybersecurity to insurance companies who know little of the subject, but who generated $3.15 billion in the U.S. market in 2019 alone.

    Changing Approaches

    Now, however, things might be about to change. In the wake of the huge corporate data breaches of the last few years, insurance regulators are increasingly concerned that insurers aren’t doing enough to understand the risks they are insuring against and nowhere near enough to encourage their customers to put better protections in place.

    The most prominent example of this changing approach has recently been codified by New York’s regulator for the insurance industry, the Department of Financial Services. The organization issued a new Cyber Insurance Risk Framework last month, and it signals a major change for insurers in the state. “As part of their cyber insurance risk strategy,” it spells out, “insurers that offer cyber insurance should regularly evaluate systemic risk and plan for potential losses.”

    In plain speak, this means that insurers should assess the level of preparedness of the companies they insure and adjust their premiums accordingly. There are precedents for this – some homeowner insurance providers offer discounts up to 20% when homeowners install home security systems, for instance – but it nevertheless indicates a monumental change in the way companies protect themselves from cyberattack. That’s because it will no longer be possible for companies to say, “We’re insured” and forget about cybersecurity; and equally insurers will soon be unable to claim that they don’t need to build expertise in cyber risk.

    Brave New World

    That it took this long for this change to begin may be surprising for those who don’t work in cybersecurity. For those of us who do, it is merely another indication that the legal and social framework that we’ve built up around breaking technologies has a long way to go to catch up.

    That’s not to say that this development is not welcome. In fact, a more responsible approach to cyber risk assessment is long overdue and will likely improve security in many organizations. CISOs find it easy to ignore junior systems engineers when they say that systems are vulnerable, but things might be very different if a company’s insurance premiums are affected by the same concern.

    In short, this shift might mean that insurance companies will finally force CISOs and CEOs to look seriously at the security that is in place within their organizations and improve it. That this task falls to insurance companies – rather than government regulators – is another strange aspect of the story, but then things have never been straightforward when it comes to cybersecurity.

    The Future

    Though long overdue, this new approach might finally end the game of “pass the buck” which has arguably contributed to many of the biggest hacks of recent years. Once the insurers and the insured have a better understanding of what they are and have been underwriting, this cyber risk enlightenment might just cause companies to realize the benefits of digital risk protection services, and that their best and most cost-effective cyber insurance policy is the work they do to reduce cyber risk. Only then will they see actual levels of cyber risk come down.
