Cyber Insurance - is it *that* simple (I think not)

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.
  • Larger Font Styles
    Guest:

    Just a quick heads-up that I've implemented larger font variants of our forum's light and dark page styles. You can select the style of your choice by scrolling to the footer of any page here. This might be more comfortable (it is for me) for those with high-resolution displays where the standard fonts, while permitting a lot of text to fit on the screen, might be uncomfortably small.

    (You can permanently dismiss this notification with the “X” at the upper right.)

    /Steve.

Lob

What could possibly go wrong?
Nov 7, 2020
47
6
It's been mentioned many times on SN, usually in the context of ransomware in local authorities, that cyber insurance has paid up to cover the actual ransom (or a large proportion of it).

The company I work for has a cyber security policy for which the conditions are strict (we must actively manage cyber risk). has a large deductible and costs a pretty penny. It's actually underwritten by a large number of companies. Having discussed it with those setting up the policy that it is there as a firm-saving insurance in case a worst case scenario that we could not prevent happens. FWIW. it's a financial institution with regulatory obligations in many jurisdictions that has a multi-billion dollar turnover annually.

Does anyone know where these (typically) state institutions are getting such insurance that serves up Bitcoin for their clients when needs must? It seems the industry will have a massive shake-up at some point because the insurance cannot just be a convenient option to do nothing else and not be prepared.

What is the experience of others in companies who have a cyber insurance in place?
 

AlanD

Well-known member
Sep 18, 2020
208
72
Rutland UK
Not quite a cyber insurance situation, but I used to work for a large multi-national bank, and I know that the deductible on our theft policy some 20 years ago was GBP10m. It was cheaper to cover the small losses from profits rather than pay the premiums.
 

Barry Wallis

Magician in Training
Not quite a cyber insurance situation, but I used to work for a large multi-national bank, and I know that the deductible on our theft policy some 20 years ago was GBP10m. It was cheaper to cover the small losses from profits rather than pay the premiums.
That is exactly what insurance is. It is a method of transferring risk from the insured to the insuring company. The deductible is the measure of how much risk the insured is willing to bear. For example, as my salary increased, I increased the deductible on my collision insurance as I was able to shoulder more of the cost should an accident occur for which I was liable. Once my car got old enough that the premiums were more than they would pay if it were totalled, I droppped collision entirely.