To minimize the impact of a cyber incident, preventive security measures must be supported by cyber insurance and vice versa. In our interview with Arjan Halma, Managing Director of Eye Underwriting, we discuss the importance of cyber insurance for complete risk management. Read the interview to discover why cyber insurance is essential.
The chance that an organization will be hit by a cyber attack is 1 in 5. By way of comparison, the chance that a company’s building will go up in flames is 1 in 8000. Yet almost every company has fire insurance, but not standard cyber insurance. “And it’s getting increasingly difficult to take out such cyber insurance,” Halma acknowledges. “Insurers look at risks. Not only is the risk of being affected as an organization quite high, digital security is also a very dynamic risk. It's constantly changing. That makes it difficult to insure.” The result is that as a company you now have to face an endless stream of questionnaires in order to even request a quote from an insurer.
Detection and response
“Almost everyone knows that you can never secure your digital environment 100%,” says Halma. “There are simply going to be vulnerabilities that we are not yet aware of and therefore cannot protect ourselves against. That makes cyber risk very elusive.” This is why it is crucial to take preventive measures to secure systems as well as possible and to continuously monitor whether irregular behavior can be detected on the network. “Good detection forms the basis of your security policy. You cover the rest of the risk with cyber insurance.”
But that means you have to be able to take out such insurance, and that’s not easy nowadays. “In order to be able to offer good insurance, it is necessary that you as insurer know how to estimate the risk. That’s only possible if you have a view of the systems from the inside.” But therein lies the crux, because how many organizations voluntarily allow their insurer to get inside their systems? That is why Eye came up with a new construction. “Eye Security, the company that provides cybersecurity, provides preventive measures and continuous monitoring. As a result, Eye Underwriting, the insurer, has the certainty that the risk is limited, because the required basic measures have been put in place. That makes the risk manageable and therefore easy for an organization to take out insurance.” Halma emphasizes that both parts of Eye function separately from each other. “At the insurance branch, we do not receive any information from Eye Security.”
Where the basic measures include prevention and monitoring to detect anomalous behavior at an early stage, cyber insurance offers cover for the financial damage a company suffers if it is nevertheless affected by an incident. “Consider, for example, lost income, legal costs, liability damage, but also things like the ransom when you get hit by ransomware.” Halma emphasizes that with insurance there is often a deductible that the company must pay itself. “In addition, you also insure yourself up to a certain amount. The premium you pay for the insurance depends on that maximum amount covered.”
Success lies in the combination
You take out insurance mainly for risks that you cannot bear yourself. That is a calculation that can work out differently for every business. “Yet you see that the total damage from a ransomware attack often runs into the hundreds of thousands, or even millions. Not only does your company have to cough up the ransom, you also have to deal with all kinds of other financial damage, so the amount can add up.” That’s why security measures and cyber insurance cannot do without each other. “It is no longer a question of if, but when you will be affected by a cyber incident. The only way to prevent your organization from suffering serious damage as a result is to combine solid security measures with good cyber insurance,” concludes Halma.
Take out cyber insurance
Looking for more information about the combination of security and insurance for your company? Contact us via this page for a free consultation or a no-obligation quote.
Related articlesShow all
Read our blog post about the impact of the new 'cybersecurity' directive, NIS2, on insurers.
The insurance market is now aware that cyber risk is difficult to manage and therefore difficult to insure. Read more in our blog.
Our cyber experts have analyzed over eleven thousand alerts from the past year. In this blog, we share the results of this analysis. Read more.
Improve your digital security in the new year with these cybersecurity resolutions. Protect your business from the growing threat of cyberattacks in 2023.