The rise in the number of successful attacks on technology infrastructures has driven a sharp jump in cyberinsurance policies underwritten for businesses over the last three years.
That finding, from a study conducted by the Ponemon Institute and credit data specialist Experian, has implications for both managed service providers and end-user organizations, according to an executive with Experian, as well as the president of NetDiligence, a provider of cyber risk assessment services, who were recently interviewed by IT Best of Breed.
MSPs with security practices loom as potentially critical advisers to clients that need to buttress their defenses against cyberattacks. Perhaps even better, they may find a unique revenue stream by working for cyberinsurance underwriters to either verify whether a company has the proper information security safeguards in place, or to investigate a claim.
That’s what Matt Johnson is experiencing. The CEO of Millersville, Md.-based security solution provider Phalanx Secure said more commercial insurers have reached out to his firm to conduct pre-insurance checks and vulnerability scans of a company’s information infrastructure. Phalanx has also been contacted to investigate a company’s technology infrastructure after a breach.
“Clients are definitely getting more security aware” and more businesses are talking out cyberinsurance policies, Johnson told IT Best of Breed.
The third annual Experian-Ponemon study on data breaches backs that up. The study found that 35 percent of businesses surveyed have taken out insurance policies to cover themselves against data breaches or cyberattacks. That’s up from a mere 10 percent in 2013.
While more companies were protecting themselves last year, there were notable data breaches. Health-care insurer Anthem, for one, was the victim of a February attack that exposed the records of more than 80 million patients and employees. And in October, Experian itself was attacked. The company said information on 15 million T-Mobile customers who had applied for the telecom vendor’s postpaid services (which Experian handles) had been compromised.
“Demand (for cyberinsurance) is up tremendously,” said Michael Bruemmer, who heads Experian’s Data Breach Resolution Group. Bruemmer told IT Best of Breed that companies that have purchased policies and filed claims agree strongly that the benefits of having the coverage outweigh the risks.
Another notable finding from that study? More businesses surveyed are calling on security service providers for help. Last year, 65 percent said they used third-party specialists in forensics or IT security. That’s up from 61 percent in 2014.
“We’re big proponents (of cyberinsurance) being a higher priority,” added Carl Gersh, director of sales and marketing at solution provider Forthright Technology Partners, of Miramar, Fla. “We’re not there yet,” he added, but predicted that could change within five years.