
Why cyber insurance is worth the investment

By Scott Cutler, Director UK&I Sales at Fortinet.

For almost as long as businesses have been subject to risk, some form of insurance has existed to mitigate their exposure. The first recorded commercial insurance policies date back to Babylonian times, and in the thousands of years since, the types of business cover available have multiplied exponentially, driven by the uptake of technology.

It’s now over 20 years since the first cybersecurity policy was written. At the time, this was considered groundbreaking – although by modern standards, its scope was limited. These days, cyber insurance providers cast a far wider net. By 2025, it’s expected the global market size will grow to over $23 billion. Some policies cover the costs arising from first-party data breaches, while others cover liability for damages, providing assurance for companies who collect and store sensitive customer information. Professional Liability, meanwhile, protects businesses that sell technology services against negligence claims.

While the cybersecurity insurance market is getting more complicated by the year, the risk of cyber breaches is still growing. To get a grip on it, some forward-thinking businesses are looking at digital audits to ensure that the insurance they take out will cover what they need it to. Others are working with vendors to get the right overall cybersecurity insurance policy for their business. Either way, the place of the policy holds firm.

Putting a figure on protection

Cybersecurity policies are unusual in that they’re difficult to price, and it can be hard to see exactly what they’ll provide in the event of a security incident. For one thing, it’s tough to put a figure on this sort of risk, especially since there’s very little actuarial evidence available to base policy decisions on. Accordingly, there’s no ‘standard’, and businesses may find the quotes they receive to be off-puttingly high.

Risk is also ever-changing. In an environment where new threats emerge on a daily basis, many businesses struggle to understand exactly what digital protection they need. What worked last year may no longer be relevant, making the potential benefit of cyber insurance unclear. Given how hard it is to establish the right level of cover in the first place, some even wonder if cyber insurance is akin to PPI, which was mis-sold to millions of people during the 1990s and early 2000s to cover mortgages, loans and credit cards.

Businesses are also rightly concerned about reputational risk. While you might be able to attach a numerical value to the income lost during a systems outage, reputational damage can’t be smoothed over with a lump-sum pay-out – especially since it’s impossible to predict exactly how much business you’ll lose as the result of a breach. As a result, some may avoid the hassle and cost of a cybersecurity policy altogether.

The concern is understandable. However, the risk is that businesses may end up with cover that doesn’t fit their requirements, or no cover at all. This is problematic because, despite its complications, cybersecurity insurance is an important and valuable part of an organisation’s cybersecurity readiness, particularly for sectors like financial services, where the data held by businesses is extremely sensitive.

For example, although it can’t rescue a company’s reputation, insurance can at least partially provide the funds to remediate a situation, whether that’s setting up hotlines to help customers, providing financial compensation, or covering a period of business outage.

For larger enterprises, there may be a need to engage legal advisers, communication specialists, and first responders – all of which could be funded by an advanced cyber insurance policy. And – as an unexpected side effect – the process of securing insurance can even help businesses to identify gaps in their current cybersecurity set-up, as well as training gaps in their frontline cybersecurity staff.

Threat analysis: the audit advantage

While the ostensible benefit of insurance is financial cover, the act of arranging it can help businesses to protect themselves more effectively against threats. In order to receive a quote for a cyber insurance premium, businesses must undergo a threat analysis.

This audit can also go some way to preventing issues from arising in the first place, because businesses gain a valuable understanding of the lie of the land within their organisation – including where valuable digital assets sit, and which controls could be implemented in order to secure them. This sort of in-depth analysis puts businesses in a much better position to take proactive decisions around cybersecurity, highlighting any potential gaps and providing the impetus for action, including training.

The right cover for peace of mind

Securing board level approval for taking out a cybersecurity policy isn’t easy, given how confusing this particular cover type can be. Yet despite the difficulty of precisely establishing the value of cover needed, cyber insurance isn’t like PPI. And it certainly isn’t a policy that any digital-facing business should be without.

Businesses must therefore be prepared to invest in the right threat analysis process to ensure they have the correct level of cover in place and adequately trained staff to take responsibility for cybersecurity. Not only will this go some way to providing peace of mind – it might even uncover security risks businesses never knew they were exposed to.