In our first insurance installment in the Data at Risk series, we took a fairly narrow approach to cyber attack analysis in the industry. While major breaches at health insurance companies such as Anthem and Blue Cross Blue Shield make it seem as if the insurance industry is especially vulnerable to cyber attacks, these are often classified under healthcare breaches. Non-health insurers may not see high-volume data breaches, but cyber attacks offer a great opportunity for the industry—but with that opportunity comes great risk.
In the past, we discussed the points to keep in mind when choosing a cyber insurance policy. These were important points, but we may have been a bit ahead of the game.
The truth is that cyber insurance policies have lagged far behind the volume and monetary damages of data breaches. Cyber insurance policies cannot currently cover the damages and remediation costs of major breaches.
Instead, companies must invest in cyber captives to prepare for attacks. While cyber captives—essentially savings accounts set aside for breach costs—are effective in low value, high frequency scenarios, data breaches tend to be high value, low frequency incidents.
Take the infamous Target data breach, for example. With cyber captives and piecemeal cyber insurance policies, Target was able to insure itself for upwards of $100 million. However, more than two years later Target is still paying for damages and the costs are expected to reach more than $1 billion.
As more companies experience data breaches that aren’t quite covered by cyber insurance, a door is opening wide for insurers to capitalize on the potential business. However, this new business isn’t without its dangers for insurers.
Even as the insurance industry benefits from increased demand for cyber coverage, insurers must be aware of their own growing vulnerability to attacks. The more corporate data that insurers begin to handle, the more hackers will target these companies.
Being approved for cyber insurance requires an in-depth analysis of the corporate network and a surprising amount of insider information. Insurers will request data regarding operations and finances when creating a risk profile—and this information is a prime reward for attackers. Insurers may not be threatened for their own corporate data, but as they store client data they will become the victims of more high-profile attacks.
The first step that companies can take to protect themselves for inevitable cyber threats is to ensure total network visibility.
While insurers worry about finding a more effective way to meet cyber coverage demands, they must also worry about protecting their own stored data. By implementing network TAPs throughout their designs, insurers can ensure 100% visibility of traffic to all security and monitoring appliances. If you’re in the insurance industry and you’re used to evaluating risk, it should be easy to see why 100% network visibility is a key factor in improving a risk portfolio.
Looking to add inline or out-of-band security monitoring solutions, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.