Access your Pro+ Content below.
Part of the conversation on cyber risk insurance
This article is part of the Information Security issue of July / August 2014 Vol. 16 / No. 6
Cyber risk and liability insurance generates lots of questions but evidence of a growing market remains hard to find. Of the 1,000 commercial property and casualty insurers, about 30 offer "good" cyberinsurance, according to Mark Geisiger, president of NetDiligence, whom I interviewed for an article this month. Adoption numbers also remain steady, with many studies indicating that roughly one-third of the risk managers surveyed said their organizations have cyberinsurance policies. Far higher percentages of companies express interest in cyber risk and liability insurance products, especially after security incidents. Security officers have limited involvement in insurance decisions. "We haven't seen a whole lot of change from an adoption standpoint," said John Wheeler, research director for security and risk management at Gartner, "or any maturity in the products that insurers are developing." That's largely because the data breach loss information is very hard to obtain, according to Wheeler, and the insurers have limited ...
Access this PRO+ Content for Free!
Features in this issue
Big data offers horizontal scalability, but how do you get your database security to scale along with it?
Immature products and a lack of standardization raise critical questions about first-party risk and third-party liability.
FedRAMP raises the bar for security among applicable cloud providers, but can it influence broader cloud computing contracts and standards?
This Beyond the Page examines how some enterprises are protecting their big-data ecosystems with encryption, security data analysis and visualization.
Columns in this issue
Security deserves a seat at the risk management table.
Marcus Ranum chats with Columbia University's Joel Rosenblatt to learn how "apples to apples" comparisons helped automate critical security processes.
Threat intelligence feeds help you prioritize signals from internal systems against unknown threats. Security intelligence takes it a step further.