Monday, February 13, 2012

Cyber Insurance and Security

I recently read an article in Computerworld that really got me thinking about servers: what they are, what they do and what they hold. Traditionally, the insurance industry has offered risk protection from tangible events – even if they are unpredictable. Hurricane and earthquake insurance are factored by damages and physical loss, but how would cyber insurance be factored? Although we’ve made great strides, we still cannot predict or easily measure the impact of a future data breach. So the question is, how can companies provide any reasonable cyber insurance?

Cyber insurance can account for the physical aspect of a server being lost or stolen, and guess the value of the data that would be lost during a server compromise. But what if a server is unable to perform its job due to a cyber incident or vulnerability? Does the insurance consider the loss in productivity that would occur if a compromise affected server performance or availability? And how does this extend to our partners’ datacenters, cloud services and mobile computing capacity?

The fact is, a strong, strategic security policy and holistic security framework can assist in providing visibility and actionable tasks that will have the most impact against the highest risks. In other industries, taking responsible actions to mitigate risk helps companies reduce their premiums, as well as predict the amount of necessary coverage, so they don’t over-extend. It’s too soon to tell, but it will be interesting to see how cyber insurance and security risk management will continue to mature in the next few years.

For more information on this topic, check out my podcast below, and be sure to visit our website to learn more about how the McAfee Security Connected framework can help your business enable centralized, efficient, and effective risk mitigation.

By Kim Singletary