Cyber Security Insurance: Why some organisations can't obtain it.

Written By Martin Nearhos

In today's hyper connected age, cyber attacks are increasing in frequency, and organisations are at risk of losing sensitive information, facing financial loss, and suffering the resulting reputational damage. One way to mitigate the financial aspect of the risk is by obtaining cybersecurity insurance, however, not all organisations are able to obtain this type of coverage. In this post, we'll take a look at some of the reasons why an organisation might not be able to obtain cyber insurance and what other options are available.

 1. Lack of proper security controls: Insurance providers will typically assess a company's existing security controls and risk management practices before offering coverage. If an organisation does not have adequate security controls in place, such as firewalls, intrusion detection systems, and incident response plans, they may not be able to obtain cyber insurance.

 2. High risk industries: Some industries, such as healthcare, finance, and retail, are considered to be at a higher risk for cyber attacks and may have a harder time obtaining coverage.

3. Previous data breaches: An organisation that has experienced a data breach in the past may be viewed as a higher risk and may be denied coverage or charged higher premiums.

4. Lack of insurance options: In some areas, the market for cyber insurance is still developing, and there may be a limited number of providers or options available.

5. Cost: Cyber insurance can be expensive, and some organisations may not be able to afford the cost of coverage.

As noted, some organisations may also choose not to purchase cyber insurance, as they may not see it as a necessary expense. However, in today's hyper connected age, cyber security in an important consideration as companies could be exposed to significant financial losses in the event of a breach. Therefore, organisations should evaluate the costs of insurance against the potential risks.

In addition, it's worth noting that some organisations can outsource their cyber security functions such as a 24/7 security operations centre (SOC), vulnerability management and other outsourced functions.

 In conclusion, cybersecurity insurance is an important consideration for organisations in today's digital age. However, factors such as lack of proper security controls, being in a high-risk industry, previous data breaches, lack of insurance options, and cost can all play a role. Organsiations should weigh the costs of insurance against the potential risks and consider alternative options such as outsourcing their cyber security functions and hiring cyber security consulting firms.

 

Disclaimer and notes:

Platform Data does not provide insurance coverage or Managed Services, we provide independent advice on outsourced cyber security functions, cyber insurance, strategic guidance and practical technical advice on enhancing our client’s security posture through risk-based decision making.

We have the technical and financial expertise to ensure any cyber risk-based decisions are in the best interests of your organisation.

Martin Nearhos