Security Think Tank: Cyber insurance no substitute for good security practices

How can IT security best use the new financial and insurance products available to IT to improve data protection without increasing cost?

You cannot improve your data protection using insurance products without increasing costs.

To get insurance protection, you need to have good, demonstrable, documented and maintained security practices in place, such as ISO 27001 certification, as well as meeting additional requirements (ISO 9001, ITIL, dedicated skilled security staff, etc.).

If you do not have those security measures in place, or the measures you have do not meet the requirements set out by the insurance company, your costs to gain insurance will increase or you will not be offered insurance at all.

Insurance is based on the assessment of risk, and a company's risk appetite and that of the insurance company need to at least match for insurance cover to be issued.

If you have all the required security practices in place, then insurance should cover unpredictable events, such as a security breach occurring within, say, three hours of a critical patch being released. In other words, insurance is no substitute for good security practices.

Peter Wenham is a committee member of the BCS Security Forum strategic panel and director of information assurance consultancy Trusted Management.

This was last published in October 2013
