As information about cyber breach hazard is disseminated-often as a reaction to hacks such as the Target attack of 2013 or the Sony breach of 2014-interest in cyber insurance increases. Standards for cyber insurance are in the evolutionary stages, and take-up rates are still low. But evidence of rising awareness of cyber risk and related insurance coverage can be found in the five-year history of Google searches on these topics.
The growing number of Google searches on "cyber risk" and "cyber insurance," 2011-2015 (Source: Google)
AIR has become a Founding Member of the Cyber Risk and Insurance Forum (CRIF), a London-based cross sector group dedicated to the advancement of the cyber risk insurance space.
CRIF is a consortium of insurance, broking, IT, legal, and consulting industry professionals charged with the mission to help organizations better understand cyber risks and the damage that may occur as result of a cyber attack.
CRIF aims to do this through the establishment of a cyber risk and privacy framework, promoting best practices, and by supporting the creation of effective insurance solutions. With founding members from many industries, CRIF is uniquely positioned to influence this process.
The CRIF Vision includes:
- Developing a risk-based framework of recommended security practices and policies
- Encouraging a risk-based culture, adequate business continuity plans, and corporate information security policies within the industry
- Raising awareness through events and briefings to the industry highlighting the risks of cyber loss
- Providing risk management and insurance professionals with tools to approach cyber risks in partnership with their information security colleagues
AIR is in the process of building a cyber exposure data framework and a fully probabilistic cyber risk model and is committed to broadening the understanding of loss potential from cyber breaches, including aggregation events, as discussed in a recent AIR Currents article.
In partnership with CRIF, AIR will pursue the creation of cyber best practices and help companies and insurers better prepare for worst case cyber scenarios.
To participate in CRIF's survey on cyber coverage at small and medium enterprises (SME), please click here.
For an overview of issues raised by the 2014 Sony breach, see the blog post by my colleague Tomas Girnius.