The home of Cyberxpert

Weblog

- blog repost from 2015 old site-
“Cyber liability insurance is becoming an increasing necessity” claims a Tripwire report. And the net-security article mentions a KPMG survey that reports that over 74% of businesses do not have a cyber security liability insurance. And that less than half of thoses who do, are convinced that the insurance will cover the actual costs of a breach.
So, this clearly marks the start of a new campaign to open a new, profitable market for insurance companies. But it’s another poor try by the cyber industry. Apart from the fact that current cyber insurance offerings are immature, there is a bigger problem. As we stated earlier (like here and here), most breaches are not due to unexpected attacks on the internet, most companies do not fall victim of an attack. Most breaches occur because of failing internal, organisational and technical controls. And will insurance companies cover your own failures? Traditional insurance doesn’t cover theft if a homeowner didn’t lock his house. Same for cyber. Same small print. And when the insurance markets is maturing, we can expect a lot more small print.
#ditchcyber and if your cyber consultant wants you to insure your cyber risk, ditch your consultant too.