After recent cyberattacks on major companies such as Sony, Lockheed Martin and CitiBank, more industries are protecting themselves with cyber insurance.
Like other insurance types–home, life, auto–cyber insurance provides protection in case of critical data loss or other virtual disruptions that impact the business or economic structure of organizations.
Although cyber insurance is not new, there is a significant demand for companies to invest in more cybersecurity, said Larry Ponemon, chairman and founder of the Ponemon Institute, which provides privacy, data protection and information security policy for organizations in the private and public sectors.
“I think organizations–because of fear and concern and the reality that cyber crime is getting worse–are really starting to think that this might be a good backup mechanism to reducing their risk,” said Ponemon in an interview on the Federal Drive Tuesday.
Ponemon said the risk to companies, including federal contractors, is growing because of a lack of industry standards for securing systems.
“We know there are security standards in place, but there is a lot of variance across industries,” he said. “If we do it correctly, we need to have a standard that insurance companies are comfortable with. But right now, standards vary by industry and organizational size, and are not mandated by anyone.”
Ponemon said his organization is looking into the cost of data breaches to industry. He said that for a breach affecting 1,000 to 100,000 people, the cost to a company could be as much as $8 million.
“It’s not just cash resources, but lost customer support and a loss of reputation,” he said. “What will happen initially is certain features of a breach that can be measured will be insured, but other features such as soft cost may not be included initially.”
As the number of cyber-related attacks increases, small companies are finding that they are not exempt from hackers or security intrusions.
Ponemon said small to medium-sized businesses are at a greater risk of security issues, because, in part, they have fewer resources for protection.
As for the future of cyber insurance, Ponemon said he expects demand to increase over the next two to five years, particularly for industries that vary in type and size.