As cyber attacks and data breaches are surfacing on a daily basis, our clients are looking for ways to mitigate the risk associated with these events. One of the most popular methods being explored is the use of cyber insurance. But, just what is cyber insurance?
Gartner defines cyber insurance as protection against losses related to cyber-risks, such as data theft/loss, business interruption caused by a computer malfunction or virus, and fines or lost income because of system downtime, network intrusion and/or information security breaches.
As a result of many recent highly publicized losses related to cyber security risks, interest in cyber insurance continues to grow. In fact, our recent 2014 Global Risk Management Survey showed that half of the companies surveyed are currently exploring some form of cyber insurance.
For those companies who are currently considering the use of cyber insurance, we offer the following five tips to find the right policy and to maximize the value of the coverage obtained.
- Don’t look to cyber insurance as a panacea for a weak IT risk and security program. To qualify and to obtain reasonable premiums, companies must have a strong security posture.
- To determine the true value of the policy, look beyond the quote to examine the policy language.
- Ask the broker/carrier about their history of paying claims, and ask them to provide specific examples.
- Complete the policy application thoroughly and truthfully – any inaccuracies may render claims invalid or provide an opportunity for the insurer to void the policy altogether.
- Reevaluate your IT risk and security program as well as any policy changes on an annual basis to ensure adequate coverage.
To learn more, read “Understanding When and How to Use Cyber Insurance Effectively” or see our latest research on cyber insurance at gartner.com.