In the event of a debilitating attack, cyber insurance and associated services can limit an organization’s financial damage from direct and indirect costs and help accelerate its recovery.
In the study Cyber Risk Management: Response and Recovery, from Marsh & McLennan Companies Global Risk Center and WomenCorporateDirectors, an example is provided that as a result of the NotPetya attack, one global company reported a decline in operating margins and income, with losses in excess of USD500 million in a fiscal year.
The company noted the costs were driven by investments in enhanced systems in order to prevent future attacks, incentives offered to customers to restore confidence and maintain business relationships, claims for service failures, expenses associated with data breach or data loss due to third-parties; and “other consequences of which we are not currently aware but may subsequently discover.”
The very process of assessing and purchasing cyber insurance can bolster cyber resilience by creating important incentives that drive behavioral change, including:
- Raising awareness inside the organization on the importance of information security
- Fostering a broader dialogue among the cyber risk stakeholders within an organization
- Generating an organization-wide approach to ongoing cyber risk management by all aspects of the organization
- Assessing the strength of cyber defenses, particularly amid a rapidly changing cyber environment
Insurers are responding to evolving cyber threats and costs by providing expanded coverage options for business interruption, extortion, and costs associated with response and recovery.
Cyber insurance can be obtained on a standalone basis or through cyber-specific endorsements to traditional policies. As an additional benefit, standalone cyber insurance products include access to service providers that can assist policyholders in responding to cyber incidents and preparing response plans. For example, training, forensic experts to assess the extent of the intrusion, legal expertise on necessary notification and disclosure, public relations support and response plan protocols. Small organizations especially benefit from the expert assistance.
Read the full report >>
Click here to register to receive e-mail updates >>