To minimise the impact of a cyber incident, preventive security measures must be supported by cyber insurance and vice versa. In our interview with Arjan Halma, Managing Director of Eye Underwriting, we discuss the importance of cyber insurance for complete risk management. Read the interview to discover why cyber insurance is essential.
The chance that an organisation will be hit by a cyber attack is 1 in 5. By way of comparison, the chance that a company’s building will go up in flames is 1 in 8000. Yet almost every company has fire insurance, but not standard cyber insurance. “And it’s getting increasingly difficult to take out such cyber insurance,” Halma acknowledges. “Insurers look at risks. Not only is the risk of being affected as an organisation quite high, digital security is also a very dynamic risk. It's constantly changing. That makes it difficult to insure.” The result is that as a company you now have to face an endless stream of questionnaires in order to even request a quote from an insurer.
Detection and response
“Almost everyone knows that you can never secure your digital environment 100%,” says Halma. “There are simply going to be vulnerabilities that we are not yet aware of and therefore cannot protect ourselves against. That makes cyber risk very elusive.” This is why it is crucial to take preventive measures to secure systems as well as possible and to continuously monitor whether irregular behaviour can be detected on the network. “Good detection forms the basis of your security policy. You cover the rest of the risk with cyber insurance.”
Controllable risk
But that means you have to be able to take out such insurance, and that’s not easy nowadays. “In order to be able to offer good insurance, it is necessary that you as an insurer know how to estimate the risk. That’s only possible if you have a view of the systems from the inside.” But therein lies the crux, because how many organisations voluntarily allow their insurer to get inside their systems? That is why Eye came up with a new construction. “Eye Security, the company that provides cybersecurity, provides preventive measures and continuous monitoring. As a result, Eye Underwriting, the insurer, has the certainty that the risk is limited, because the required basic measures have been put in place. That makes the risk manageable and therefore easy for an organisation to take out insurance.” Halma emphasises that both parts of Eye function separately from each other. “At the insurance branch, we do not receive any information from Eye Security.”
Insurance coverage
Where the basic measures include prevention and monitoring to detect anomalous behaviour at an early stage, cyber insurance offers cover for the financial damage a company suffers if it is nevertheless affected by an incident. “Consider, for example, lost income, legal costs, liability damage, but also things like the ransom when you get hit by ransomware.” Halma emphasises that with insurance there is often a deductible that the company must pay itself. “In addition, you also insure yourself up to a certain amount. The premium you pay for the insurance depends on that maximum amount covered.”
Success lies in the combination
You take out insurance mainly for risks that you cannot bear yourself. That is a calculation that can work out differently for every business. “Yet you see that the total damage from a ransomware attack often runs into the hundreds of thousands, or even millions. Not only does your company have to cough up the ransom, you also have to deal with all kinds of other financial damage, so the amount can add up.” That’s why security measures and cyber insurance cannot do without each other. “It is no longer a question of if, but when you will be affected by a cyber incident. The only way to prevent your organisation from suffering serious damage as a result is to combine solid security measures with good cyber insurance,” concludes Halma.
Take out cyber insurance
Looking for more information about the combination of security and insurance for your company? Contact us via this page for a free consultation or a no-obligation quote.
