BDO Know How August 2016: Cyber Insurance - is it right for your business?
16 August 2016
With cyber-attacks and data breaches becoming increasingly more frequent, a gap has opened in the market to help mitigate these risks for large and small businesses. In response to these risks, many insurance companies have begun to offer cyber ‘liability’ insurance.
More than two-thirds of respondents to a recent BDO survey said that their board was more involved in cyber security than it was a year ago. However due to the general lack of information available on the costs of cyber-attacks and data breaches, insurance companies are limited in their ability to develop robust risk modelling. This results in narrow liability policies to negate the insurer’s own risk.
Below are six steps you should take to understanding your businesses risks to determine if cyber insurance is right for you.
- Perform a risk assessment of your environment.
- Quantify these risks and understand the potential impact this will have on your business. For instance, what would be the financial impact of a cyber-attack you couldn’t defend against?
- Evaluate risk exposures and assess whether you are comfortable with the level of risk to your business. If not, cyber insurance’s potential benefit would outweigh its cost.
- Evaluate insurance policies for those risks that you can’t remediate and select the most beneficial to your organisation.
- Implement a security risk remediation programme to ensure the gaps you have identified are covered.
- Implement cyber incident detection and response processes.
With ever evolving technologies this process should be repeated as often as you see fit, but at least each year. If this is your first time completing a full cyber risk assessment there are many resources and experts available. Bear in mind, insurance brokers themselves do not necessarily have the expertise required to present the most accurate client assessments. For assistance with cyber risk assessments and safeguards please contact BDO’s Risk Advisory team led by Tarunesh Singh.