Cyber Insurance: Is It Worth the Cost of an Attack?

Cyber Insurance isn’t cyber security, so is it necessary? What’s the point of paying for 2 cyber services if only one is going to work? Read to find out.

There are a lot of methods of protection. In medieval times, knights wore metal armor and wielded swords and shields. On the football field, players wear helmets and pads. Even MMA fighters wear gloves and mouthguards.

Beyond personal physical protection, people can protect themselves and other by wearing seatbelts in the car, paying taxes to support our troops, law enforcement, and emergency services that keep us safe.

Insurance protects us from the aftershocks of accidents and emergencies, like car crashes, fires, or thefts. You can purchase renters, car, home, life, motorcycle, and health insurance. One of the newest types of insurance available is cyber insurance.

Cyber insurance isn’t cyber security. It is for after the attack happens, not before. Cyber security is supposed to protect and prevent attacks, while cyber insurance can help recoup the losses of an attack.

“It’s a rigged game. The attackers only have to be right once, and we have to be perfect.”

Doug Jacobson, a professor of computer and electrical engineering at Iowa State University, worries about the difficulties cyber security companies struggle with daily.  “Everybody’s trying to do the best they can,” Jacobson said. “It’s a rigged game. The attackers only have to be right once, and we have to be perfect. That’s not very fair. But that’s the game we’re being forced to play.”

Jacobson was interviewed in the aftermath of an attack on the State of Iowa’s employee pension system, where hundreds of thousands of dollars were stolen. According to The Courier, a local Iowa news company, Officials do not believe the hackers gained direct access to the state system, but rather obtained identifying information — Social Security numbers and birth dates, for example — through other means and used that to access the system.

The Pew Report (from the Pew Research Center in Washington, D.C.) stated that many states were spending big bucks on cyber insurance policies. Montana, or example, has a $2 million policy that covers all agencies and the state’s public university system; Utah bought a policy in 2015 after a data breach on its health department servers, according to the Pew report.

“It’s expensive. But it’s absolutely worth it.”

“It’s expensive. It’s a big budget item for us. But it’s absolutely worth it,” Michael Hussey, Utah’s chief information officer, said in the Pew Report. “You’re seeing breaches now that cost companies and states millions and millions of dollars.”

If cyber insurance costs so much, why are people buying it? To put it simply, the threat of a cyber attack is more than real, it’s knocking on your’s and our’s and everyone’s doorstep. Does that mean that one should purchase cyber insurance instead of cyber security? Not at all. Cyber security protects from potential attacks, and for every big new story about a security breach, there are millions of failed attacks that no one hears about.

Cyber security is vital to the integrity of any company. While cyber insurance maybe help recoup the financial losses (and could be very beneficial to any business),