Center for Strategic Assessment and forecasts

Autonomous non-profit organization

Home / Defence and security / / Articles
Insurance policy, as protection against cyber attacks
Material posted: Publication date: 14-11-2013

When buying an insurance policy, the company figured out how to protect yourself from liability and risks associated with fire. Now they began to think how similarly, you can protect yourself from cyber attacks.

Everything would be simple, but the main problem is that today no one knows how to quantify the risk of cyber attacks, in other words, is their cost. It's all a numbers game, but for insurance agents who know their business, is, first of all, the price of the damage.

At the moment no country in the world, there is no authoritative database, as is now fashionable to say that actuarial information that would allow insurers to estimate risks and expected damage. This is still a worthwhile investment for business in General and insurance companies in particular, and this issue is now engaged in the world.

Information security, as a science, is still very young. No indicators, no patterns, no ratings, does not exist.

Usually, when someone is at risk, he defines the level of risk and tries to reduce it to an acceptable level. But information security doesn't work because breakthrough research in this area no assessment models either, and only about insurance products and can not speak.

Ideally, the company would partly get insurance based on the level of security that they have installed at the moment. But so far this has not happened, because the company is not protected against leakage of sensitive information in the investigation of incidents of cyber attacks.

However, there is one important exception to this rule: breaking and entering of records. Approximately ¾ of insurances which can be attributed to cibertribunal associated with the installation of anti-theft records. Partly, the reason is the way to insure this is the case is quite clear – it is easy to draw the line between what was and what is, i.e. stolen. However, there is another fact to protect consumers from hacking and theft records, some States set a specific price on each record.

Despite the difficulties in pricing of insurance risks, experts argue that worldwide there is now interest in conducting deep research in this field. It is easy to imagine that soon the company will be able to acquire financial protection from cyber-attacks similar to the way they buy protection software. But even that will not allow companies to fully protect themselves from cyber attacks, because they are more open to them. It is no wonder that in computer circles there is a perception that "anti-viruses think those who creates these viruses".

Financial or moral losses for private business (big or small) incurred as a result of cyber attacks, is one side of the issue. Somehow, the risks can be calculated. If you go out to the whole state, as they say "troubles". As, for example, to assess the risks in the sphere of state security (economic, military, etc.), or the damages? By what criteria can it be evaluated? And who will undertake the insurance of such risks and damages? While some of the issues.

And this problem is not a single nation but the whole world.

According to experts specializing in the field of cybersecurity, you need to quickly make the breakthrough research in this field, otherwise, given the speed with which the evolving computer technology, it will be too late.

Sergey Ostryna


RELATED MATERIALS: Defence and security