Cyber Insurance May Be Null And Void without ‘Due Care’

Concern is rising in the world of cyber-security. Most companies worldwide assume that their cyber insurance will cover them against any loss associated with a breach. Senior board members need to be mindful, however: if the company fails to take reasonable precautions, its insurance investment could turn out to be null and void.

The cyber insurance market in India alone is growing and is trying to mirror the rapid expansion of the US and UK markets. Although the global insurance industry sees this as a valuable new market full of opportunities, it is still measuring its response with caution.

Previously, cyber and digital insurance was regarded as a safety net in the event of a breach. As the number of breaches has risen steadily, the level of caution shown by both governments and the insurance industry has risen with it.

At the same time, governments have been actively promoting the cyber insurance market, and using it as a lever to drive the cyber-security improvements that businesses need to make.

Most authorities expect this to align risk assessments with good practice. They also believe it will incentivize good risk management and eventually reduce the need for direct government involvement and regulation.

This strategy is still under development. Insurers are incentivizing behaviours that reduce or mitigate risk, including the exercise of ‘due care’. In simple terms, ‘due care’ is the precaution that ‘a person of ordinary prudence’ would take to protect their systems. For cyber insurance purposes, a company must therefore be able to demonstrate cyber resilience, and this in turn is driving demand for Retained Forensics.

Retained Forensics builds cyber resilience by engaging a small team of industry professionals who are fully briefed on the scope of a company’s network and infrastructure. This allows them to:

  • Establish, direct and manage a complete test and exercise programme.
  • Ensure that cyber defences are managed to a high standard across all networks and infrastructure.
  • Be on hand to help put the agreed action plan into effect in the event of a breach, so that the 72-hour breach notification requirement of GDPR (Article 33) can be met and mitigation is under way before the deadline.

Many companies provide a full range of Retained Forensics services, including automated and manual penetration testing, Red Teaming, Incident Management, Disaster Recovery, and Business Continuity Management.

In this way ‘due care’ becomes demonstrable: the company is less likely to suffer a breach in the first place, and it can show that it followed best practice when it comes to an insurance claim.
