Should a firm choose cyber insurance or cyber risk management?

Cyber risk management and cyber insurance are not interchangeable, a firm needs to have both to ensure they are fully protected in the digital ecosystem, according to a new podcast from KYND.

The podcast, “Cyber Risk Management vs Cyber Insurance – is one better than the other?” can be listened to for free. It gets the insights from KYND broker expert Benjamin Duffy and Paragon partner William Wright if cyber risk management or cyber insurance is better.

During their discussion, both Duffy and Wright agreed one does not replace the other.

Duffy said, “Risk ownership cannot be fully transferred and cyber insurance is a component of a broader risk management strategy that includes identifying, mitigating and monitoring exposure.” There has been a hardening of the market and cyber insurance and risk management are simply processes at different stages of the digital security process. Risk management is aimed at the prevention of attacks, whilst cyber insurance is there for anything that slips through.

He continued, “The way I tend to think about it is pre and post an event. Pre an event [is about if]  there has been the necessary steps to adequately reduce susceptibility to cybercrime, ie risk management and security protocol? [While] during and post an event, is there the capability to manage the incident, is there the access to in depth technical assistance and is there the financial protection to aid with legal and regulatory actions, all of which, speak to the insurance policy.”

Cyber insurance is also impacting the way cyber criminals attack businesses, Duffy stated. While an attacker will look at the security posture of a business and how susceptible they are to various cyberattacks, they will also account for their cyber insurance. If a company has a policy in place, they will likely tailor their attack in the hope of an easy payout, he explained.

A lot of firms would rather just pay the ransomware to get their systems up and running quickly, rather than dealing with the time and expense of getting it back other ways, he said. This highlights the need of strong risk management to stop attacks happening, but the need for cyber insurance in the event something does happen.

Wright echoed these opinions, stating that risk management involves a lot of facets and one of the important ones is cyber insurance. He explained that ten years ago there was little interest in buying cyber insurance. It was only driven by the increase in privacy regulations. GDPR has been a major driving factor of this and now firms are a lot more interested in cyber insurance as a failsafe for a data breach or a ransomware attack.

Wright said, “10 years ago, [cyber insurance policies] put themselves alongside the virtues of risk management and made it very difficult to explain the relevance and the importance of a cyber insurance policy to a UK customer. That is now completely different because all UK businesses will no doubt be deploying some form of risk management and mitigation protocols and yet, we still have these outrageous playing scenarios happening constantly.”

To listen to the full podcast click here.

Copyright © 2020 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research


The following investor(s) were tagged in this article.