AIG: Cyber insurance sales have risen by 30%

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.scmagazineuk.com/aig-cyber-insurance-sales-have-risen-by-30/article/329623/

Multinational insurance provider AIG today told The Financial Times that
sales of cyber insurance had jumped up by 30 percent in 2013 when compared
with the year before.

“What we've being seeing is significant growth,” said Tracie Grella, who
oversees AIG's cyber insurance initiatives as the head of professional
liability. She added that cyber insurance had jumped by 30 percent on a
year-on-year basis in 2013.

Despite this, there are conflicting figures on how just big cyber insurance
has become. For all the prominent hacks against the likes of Target, a
report from Experian late last year found that just 31 percent of US
companies had cyber insurance policies in place. However, another study
from risk management research firm Betterley Risk Consultants founds that
the annual gross premium for US cyber insurance policies was USD $1.3
billion (£734.2 million).

It is perhaps no surprise then that one information security expert
believes that it is still early beginnings for the nascent cyber insurance
market.

“It's an immature market,” said Karl Schimmeck, VP of financial services
operations at Sifma, an industry group for financial companies that last
year spearheaded a simulated wide-scale cyber attack on Wall Street, when
speaking to the FT.

“The risks are not very well understood. There's not a lot of historical
information that insurance companies can call on to quantify their risk.
That's part of the problem.”

Even AIG's own CEO, Peter Hancock, confessed at a recent conference that
the market has plenty of growth ahead.

“This is still a very small market that gets more talk than action, but it
is a growth opportunity,” said Peter Hancock, executive vice president of
American International Group Inc and CEO of the insurer's property/casualty
unit.

Speaking shortly after the announcement, Lior Arbel, the CTO of information
security firm Performanta, said that the figure was welcome news, but
worries that the policies themselves may not cover enough.

“It is not surprising given the growing prevalence of cyber-attacks that
insurance to protect a company's assets from the danger is also growing to
match the threat,” Arbel told SCMagazineUK.com.

“However, although insurance is important, it ignores that the damage from
a cyber-attack goes far beyond specific infrastructure or hardware damages.
The full effect of a cyber-security attack could involve not only the loss
precious lost data, and a loss of trust, but also result in irreparable
reputational damage with customers.

“Priority for budget must therefore be in technologies and strategies to
prevent the cyber-attack in the first place. Businesses need to take
proactive steps to ensure its information is properly monitored and
secured, from external and internal threats, with the implementation of an
effective Data Loss Prevention system.

"If a company or its customer data is stolen, no amount of insurance money
will win back confidence in the company.”

Ashish Patel, regional director at Stonesoft, a McAfee Group Company, added
that this is the latest sign that organisations are beginning to take cyber
attacks seriously.

“This growth highlights the seriousness with which organisations are now
taking the credibility of cyber-attacks with the digitalisation of
business,” he told SCMagazineUK.com.

“Mass investment in insurance indicates that many businesses are out of
their depth and are starting to realise that they now need to view cyber
security as a whole package. This includes prevention techniques,
mitigation, defence strategies and also compensation should the worst
happen.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.