- One in five companies plans to take out cyber protection insurance
- Professional IT security measures take precedence; cyber insurance covers residual risks
Cyber protection insurance can mitigate the financial risks of a hacker attack and targeted white-collar crime. However, only about five percent of companies have taken out such insurance to cover the event of a cyber attack. This is a finding of the current study “IT Security 2018” by eco – Association of the Internet Industry. “Cyber protection insurance makes sense for most companies, especially since any disruption of work due to online crime entails a high financial risk,” says Oliver Dehning, Head of the Competence Group Security at eco – Association of the Internet Industry.
Adequate basic IT protection serves to prevent damage
The insurance covers the residual risk. However, the focus should be on adequate basic protection, achieved through measures the company takes itself. These include daily data backups, prompt installation of security-relevant software updates, strong passwords, and protection against unauthorized access to personal and other sensitive data, as well as authorization management and encryption. The level of IT protection that is appropriate varies from company to company. “The requirements for corporations are higher than for small and medium-sized enterprises,” says Dirk Kalinowski, member of the Competence Group Security at the eco Association and expert for cyber insurance at AXA Insurance. “Companies whose daily business is the handling of personal data must meet stricter requirements in order to prevent information security incidents.”
Contingency plan is a must
First and foremost, companies and insurance companies should sit down together and examine just how well the company is protecting itself against cyber threats. This increases awareness among responsible parties in the company and helps them to assess their own risk realistically. Risk can be reduced, for example, by taking precautions to minimize damage in the event of an incident, such as an emergency plan that companies regularly review and update. According to the 2018 eco security study, 32 percent of companies have already implemented an IT contingency plan to prevent cyber attacks. The topic in itself is rated by around 80 percent of the experts surveyed as important or very important.
A further finding of the study: Around 18 percent of the approximately 950 respondents plan to take out cyber protection insurance. “Companies are becoming more and more dependent on IT. As complexity increases, so does vulnerability,” says Dehning. He therefore recommends taking out cyber insurance to compensate for any personal or third-party damage caused by a DDoS attack, a hacker attack, or social engineering, or for the cost of recovering data.