Access your Pro+ Content below.
Is cyberinsurance worth the risk?
This article is part of the Information Security issue of July / August 2014 Vol. 16 / No. 6
As established insurance providers and startups rush to sell cyberinsurance to companies of all sizes, many enterprises still can't find insurance policies due to the lack of product standardization and complexities of establishing adequate coverage. High-profile breaches and the growing realization that potential revenue losses from cybersecurity risks areare on par with business interruptions and natural disasters may change those dynamics. Stricter data privacy notification laws, government incentives and cloud adoption have amplified interest in cyber risk insurance. "There is a lot of capacity, so there are a lot of insurance carriers chasing the same customers," said Mark Greisiger, president of Philadelphia-based NetDiligence, a firm that specializes in cyber risk assessment for major insurers, brokers and industries. "You will find underwriters willing to undercut premiums and insure customers who might not have the best controls in place, because they want to put revenue on the books this quarter." Immature products and...
Access this PRO+ Content for Free!
Features in this issue
Big data offers horizontal scalability, but how do you get your database security to scale along with it?
Immature products and a lack of standardization raise critical questions about first-party risk and third-party liability.
FedRAMP raises the bar for security among applicable cloud providers, but can it influence broader cloud computing contracts and standards?
This Beyond the Page examines how some enterprises are protecting their big-data ecosystems with encryption, security data analysis and visualization.
Columns in this issue
Security deserves a seat at the risk management table.
Marcus Ranum chats with Columbia University's Joel Rosenblatt to learn how "apples to apples" comparisons helped automate critical security processes.
Threat intelligence feeds help you prioritize signals from internal systems against unknown threats. Security intelligence takes it a step further.