Cyber Insurance Not Easily Defined; Awareness And Training Are Your Best Defense
By: Jim Stickley and Tina Davis
June 21, 2018
Techopedia defines cyber insurance as “a form of insurance for businesses and individuals against internet-based risks.” The courts, however, are having a heck of a time deciding just what issues are covered under cyber insurance law. It appears that from coast to coast and everywhere in between, different rulings are being made on similar cases. The way different courts across the country interpret cyber insurance is leading to confusion and very different final rulings.
In the late 1990s, cyber insurance policies began sprouting up as an option for businesses on the edge of a very scary digital age. They evolved in response to the cyberattacks of the time and the uncertainty about what damage a company could face in the future. From the first computer worm found in 1989 to today’s sophisticated ransomware, phishing, and malware-laced attacks, cyber insurance grew into a hugely significant business. Reports indicate that by 2022, the cyber insurance market will capture $14 billion in revenue. That’s a lot of investment by companies wanting security from cyber thievery. Today, many find themselves in court fighting to define what exactly is covered by their cyber insurance policy after a hack.
Most recently, cases involving employees being tricked by hackers, mostly by email phishing, into downloading malware are in front of the courts. These cases raise the question of how to define computer fraud, since unwitting employees were fraudulently duped into transferring company funds to hacker accounts. Courts in Texas and Michigan denied coverage, while a court in New York decided to include employee hacks under cyber insurance.
The battle to define what cyber insurance covers for individual businesses is an ongoing fight. Cyber insurance does, however, bring to light the importance of businesses investing in cyber resilience as the best way to avoid the courts to begin with. Dedication to innovative cybersecurity practices, as well as providing ongoing employee cyber education, is more important than ever before. A decision left up to the courts is proving difficult to predict and, maybe worse, may not be in one’s favor.
There are many options for providing awareness training. You can hire someone strictly to perform that function. After all, a good program may require someone in a full-time position. However, there are organizations that will help you create an employee cyber awareness program, administer one for you, or provide the whole shebang. Of course, services and costs vary, but you can be sure there is something available out there for you.
Having cyber insurance may be a necessary evil for companies today, but prevention is proving the best decision yet.