Cyber threats too much for the insurance industry

The government should be prepared to offer cover for cyber risks according to a leading insurer who is worried about the costs of hacking

Cyber attacks pose such a danger to enterprises that traditional insurance might not be able to provide the cover needed to help them get back to normal after an attack.

One of Lloyd's of London's largest insurers has made comments calling on the government to step into help cover the risks because the cyber attacks were now one of the most pressing concerns for the industry.

The reaction of the insurance world charts another moment in the history of cyber security as it moved out of the virus writer's bedrooms to become a criminal issue and then more lately a tool used by nation states to undermine and destabilise their enemies.

Speaking at an Insurance Insider conference yesterday Stephen Catlin, the founder of insurance company Catlin, was reported as telling the audience that the costs of covering cyber attacks was now beyond the balance sheets of some insurers and government had to step in.

Some government schemes do exist to help those businesses that have been impacted by terrorist activity and Catlin's suggestion was that something similar was made available for cyber security.

Some in the channel argued that the speech should stir debate about how firms approached risk and be a reminder of the need for a company-wide approach to defending themselves against cyber attacks.

“Businesses should not rely on insurance as a way of protecting themselves from an attack, whilst insurance may help mitigate some of the financial impact of a security incident or breach, the reputational impact, and the impact to the business operation cannot be mitigated with insurance in the same way.   Instead, organisations need to be smart with their approach and consider the people, process and technology elements when it comes to responding to the threats they face," said Rob Lay, solutions architect for enterprise and cyber security, UK & Ireland for Fujitsu.

"By taking this risk based approach, businesses can ensure that they are dealing with the largest and most dangerous issues first," he added.

Darren Anstee, director of solutions architects at Arbor Networks, said that attackers were after information, which if stolen could cause financial damage to a company.

“According to research from the Economist Intelligence Unit, sponsored by Arbor Networks, the demand for insurance products which insure against losses due to cyber-attack is growing strongly - however market penetration is still relatively low," he said.

"As the costs around successful cyber-attacks, and thus the business risks, become more widely appreciated it is hoped that organisations will invest to raise their security posture. However, defending organisations from today’s threats is not all about technology, there needs to be at least as much focus on the people, processes and workflows that are involved," he added.

Read more on Threat Management Solutions and Services