In 2018, cybercrimes caused 45 billion US dollars worth of damages worldwide. To put that into perspective: in the same year, all global natural disasters combined generated damages of 140 billion dollars. It is therefore hardly surprising that, in recent years, insurance companies have jumped on the cyber security train in the form of “cyber insurance”.

Their policies promise to cover damages caused by hacker attacks or any other IT-related operational failures.

The risks

However, for actual payments in the event of damages to be made, there is a long chain of measures in between that must first be cleared. Before a policy is issued, the insurance company performs an examination of the current situation, a so-called “risk analysis”.

During risk analysis, the insurance company will determine, in advance, which measures the company seeking insurance has previously taken to minimize any possible risks. The outcome of the risk analysis significantly affects the form of the policy.

In the best case, the premium for the insured company will be dropped because certain damage scenarios are ruled out or because the likelihood of occurrence has been marked as reduced. In the worst case, the insurance company will exclude certain aspects from the insurance coverage. Once everything is sorted, the policy can be effected.

Study garners attention

For many businesses, cyber insurance presents a potentially great solution. However, a study conducted by commercial property insurance company FM Global shows that protection in the form of insurance is far from ideal. In the study, more than 100 CFOs or other financial managers (in companies with a minimum turnover of one billion US dollars) were questioned.

One issue covered was the question of what types of problems are not usually covered by cyber insurance in the event of damages. Here are the most relevant issues that were identified:

  • Brand or reputation suffer damage
  • Investors implement stricter controls
  • Decline in sales
  • Compliance issues
  • Loss of market shares
  • Stock price falls

While you’re here – why don’t you sign up for our webinar?

“Top 5 Risks in Access Management” –
held by Helmut Semmelmayer, tenfold Software GmbH

Sign up for free

While you’re here – why don’t you sign up for our webinar?

“Top 5 Risks in Access Management” –
held by Helmut Semmelmayer, tenfold Software GmbH

Sign up now

Could identity and access management be the solution?

Whether it is real life, the financial world or the IT world: the truth is, you can never completely rule out a certain risk factor. The aim, therefore, should not be to eliminate all risks entirely, but to control them as best as we can.

There are some helpful IT tools available that do exactly this – and identity and access management is one of them. Let’s take the risk posed by so-called “inside threats” – i.e. attacks made from within the affected company itself – which are responsible for roughly a third of all cases of data abuse.

With the appropriate IAM tool in place, this risk can be massively reduced. Why? Because it controls who has access to what data and potential perpetrators can therefore only cause damage to data they actually have access to. The key to successful data protection thus lies in an all-encompassing concept for access management. An IAM software provides the technical basis for an effective implementation of such measures.

Cyber insurance: Conclusion

Cyber security is a hot topic. Annual losses are now in the tens of billions and rising. Insurance products can offer a reasonable solution to companies who are looking for a backstop. The problem: the insurance only takes effect once the damage is already done. Businesses are therefore well advised to do everything in their power to stop the damages from occurring in the first place – by implementing an identity and access management solution, for example.