In the past we’ve looked at the general poor preparedness of both industry at large and the insurance sector when it comes to cyber-security. Businesses remain underinsured and many insurers don’t have enough experience in this sector. However, is it possible to turn the equation backwards and predict that in the near future – the cyber-insurance industry will direct the cyber-security industry?
Cyber-Security is Complex
The biggest challenge facing the cyber-security industry is that it’s not one single joined up entity. There are dozens of niches within that industry and each focuses on a specific element of security. For example, anti-virus vendors and firewall vendors are often separate businesses.
In fact, when you start to examine most company’s cyber-security approaches you’re talking about a mish-mash of hardware, software and policy driven initiatives. Each of these initiatives provides a potential point of failure. Some may fail in isolation, others may cause more significant knock-on issues throughout the cyber-security ecosystem.
Worse, because the external capabilities of would-be infiltrators may evolve at any second – the entire infrastructure can become obsolete in seconds without you knowing about it.
There’s simply no magic bullet for cyber-security and this drives the need for cyber-insurance.
The Insurance Industry’s Vantage Point
Insurers are in a unique position to take a high level overview of the effectiveness of cyber-security provisions. They will assess the infrastructure when making risk assessments for policies but more importantly; they will be the main recipients of data when that infrastructure fails.
Individual cases won’t provide much insight into where points of weakness really lay but when that data is aggregated on a larger scale – the insights it provides will be invaluable to the entire cyber-security industry.
More importantly, that insight could lead to a closer alignment of security provision. It might force the industry to act in a concerted direction rather than vendor by vendor. It’s not that cooperation doesn’t exist in cyber-security, in fact, it’s one of the most cooperative industries out there with data sharing at the product level being incredibly complete but that “big picture” isn’t easily accessible from a vendor’s vantage at the moment.
In future we expect to see cyber-insurance playing a much more important role in businesses. At the moment there’s some progress in major enterprises in terms of insuring against cyber-risk but very little in the medium to small enterprise sector.
When insurers and cyber-security providers step up their game together – the process of client education should be easier. This in turn should mean greater take up of policies, in turn driving an even clearer “big picture” which means better products and fewer risks. This is a virtuous circle when it comes to delivering value for insurance customers and cyber-security customers alike.