How has Cyber Insurance Changed?
Achilleion CEO, Amir Tarighat, sat down with cyber insurance expert, Mike Volk, to discuss how
cyber insurance has changed in the last decade and what this means for all businesses and individuals that use at minimum some form of technology or data.
In the Achilleion Live episode, Cyber Insurance with Mike Volk, Mike explains how five years ago, cybersecurity was mainly sought after by the companies that knew they had a data exposure or we’re already thinking about cyber risk management--which wasn’t a lot. That’s why education and awareness played a key role.
However, it was not a matter of educating people on insurance, but rather more about educating people on their risks and their exposures--discussing what could go wrong and helping them conceptualize the topic of cyber risk. Many companies would think, “oh well, I’m a smaller business, so it doesn’t matter for me,” but come to find out that is farthest from the truth.
It started with just cyber insurance for the larger businesses with more complex risks. Now, the small and medium-sized companies that handle data and use technology to operate have moved from a physical location to people working remotely. In addition, the fact that most new businesses are born in the cloud--they don’t have a data center or a network--is another main reason why more and more companies seek to understand and acquire cyber insurance.
Nowadays, cyber insurance is necessary for really any business, unless it’s still pen and paper and doesn’t use technology or have data--which is only a handful of companies out there still. Furthermore, while many businesses may have general liability policies with some included technical coverages, these fall short of full technical coverage and therefore shouldn’t be what companies wholly rely on.
Mike and Amir discuss how if you look at the data breaches across the United States--whether it’s like cybercrime-related or like privacy, data theft--it is not the case where advanced technology companies are being breached all day long. In actuality, it’s the small businesses, medium-sized businesses, who are getting breached more often. Construction companies and manufacturing companies are just as much not if not more commonly, targets than technology companies.
As for health care companies and financial companies that have regulatory compliance risks: criminals are smart and they’re focused on the people they can extract the most value from, so the data they steal--whether it’s personal information or credit card--it’s just a commodity to them. And so at the end of the day, it doesn’t matter to them if they’re stealing from Citibank or a small construction company with 100 customers.
To that end, Amir expresses how he wants to “bring more attention, not just from the technical side, but on the risk management side too, for the small businesses, startups, and people who are like, ‘We’re too small to think about security or insurance’ when they’re really the most vulnerable.”
To learn more about cyber insurance and understand why it is becoming increasingly necessary, watch the Achilleion Live video of Mike and Amir’s conversation below.