sb-as logo
Story image

Is cyber security insurance really worth it?

An industry leader has just addressed the situation surrounding cyber security and the insurance that comes with it.

Leon Fouche, partner and national leader of Cyber Security at advisory firm BDO, says that while cyber-attacks and data breaches are an increasing concern, selecting the right cyber insurance policy can be more complicated.

“We are seeing discussions about how to manage cyber risk starting to get momentum in the boardroom, and that is entirely appropriate,” says Fouche.

“If you are a business owner or key decision maker, you need to first understand whether cyber insurance is right for your business, and if so, which policy best suits your needs. To achieve this, you need a thorough understanding of what risks you truly face,” he adds.

“The cyber insurance market is evolving, and due to the lack of reliable data about the cyber security trends in local markets, insurance companies are limited in their ability to develop robust risk modelling for the costs of cyber-attacks. They mitigate this by having restrictive terms and exclusions in their cyber insurance policies.”

Fouche also mentions that there are a number of steps businesses can take to help understand the risks and the cyber insurance coverage required.

The first step Fouche says, is to undertake a risk assessment to understand a business’ current cyber risks, then quantify these risks and model the potential impact they would have on the business.

“For instance, you need to understand what the financial impact is if your organisation suffered a data breach,” he says.

“Make sure you evaluate risk exposures and assess whether you are comfortable with the level of risk to your business — perhaps you need to get cyber insurance to cover this,” adds Fouche.

“Then, evaluate cyber insurance policies for those risks you can’t remediate, and select a policy that provides the cover you need.  As a final check, you need to validate if the insurance policy will provide you the required cover by looking at cyber-attack scenarios to confirm that the policy would respond to claims for those scenarios.”

In a bid to help the market understand the cyber security challenges that businesses and organisations face, BDO has teamed up with AusCERT, the Australian cyber emergency response team. 

The two organisations will work together to conduct an in-depth cyber security industry survey. Thomas King, general manager at AusCERT, says benchmarking is an important step in getting it right. 

“This survey will help to identify current cyber security trends, issues and threats facing businesses in Australia and New Zealand."

To participate in the survey, head to BDO's website. 

Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
How to address cyber-threats as a strategic risk
Becoming a cyber-secure organisation in the face of an evolving threat landscape requires a strategic, business-focused approach to security as opposed to a tactical approach in which security is addressed simply by implementing new tools.More
Story image
UiPath and eSentire bring hyperautomation to Microsoft Security
UiPath and eSentire have announced a strategic partnership to deliver end-to-end security policy automation across multiple Microsoft Security services.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
Businesses left to make decisions based on old, inaccurate data, study finds
"It is more critical than ever that organisations have access to actionable, contextualised, near real-time threat data to power the network and application security tools they use to detect and block malicious actors."More