BUSINESSES are purchasing more insurance policies to protect their online networks as cybercrime is becoming more prevalent with more companies shifting their focus towards digitization, media reports show.
Most recently, two DDoS attacks took place in StarHub – one of the three major telcos in Singapore – causing temporary disruptions for customers. StarHub said the “malicious” attacks were “unprecedented in scale, nature, and complexity”.
StarHub said in a statement on Tuesday: “We have completed inspecting and analyzing network logs from the home broadband incidents on Oct 22 and Oct 24 and we are now able to confirm that we had experienced intentional and likely malicious Distributed Denial-of-Service (DDoS) attacks on our domain name servers (DNS).”
According to Channel News Asia, insurance brokers have noted a rise in the number of inquiries regarding cyber insurance received over the past few years – in March, AIG Singapore reported a seven-fold increase in such inquiries since 2013.
Cyber insurance, in general, offers an array of coverage for Internet-based risks such as data destruction, extortion, theft, hacking, and DDoS attacks. Some companies also offer liability coverage, which is useful if one’s business involves data collection.
Aon, an insurance broker headquartered in London, told CNA that if a company experiences a data breach, cyber insurance can help in covering the cost of dealing with the issue as well as affected clients.
— Jim Harris (@JimHarris) October 22, 2016
Last year, 2,507 cyber insurance policies were sold by Aon worldwide, which amounts to US$203.8 million in premiums – this number marks a compound annual growth rate of 70 percent between 2009 and 2015 for Aon. Their global cyber insurance business quadrupled from 2013.
The rush by Singaporean companies to snap up cyber insurance policies is part of a wider trend globally, as businesses become more wary of the dangers of being connected to everyone and everything. Insurance companies are also beginning to refine premiums of this nature to help businesses.
AIG Malaysia announced today it has entered a partnership with IT service provider Dimension Data to offer tailor-made cyber security premiums according to a company’s risk profile.
According to Computer Weekly, the partnership was borne out of customers’ needs for a “more comprehensive risk management approach”. In 2015 alone, Malaysia’s security specialist agency CyberSecurity Malaysia confirmed there were 27 million incidents involving botnets.
Antony Lee, CEO at AIG Malaysia, said: “The complexity of today’s cyber threats has shown it is essential for organizations to implement a comprehensive information security program against any form of breach that would be detrimental to their business.”
However, the scramble to buy and sell insurance policies means that regulations may not have been able to catch up fast enough. Cyberscoop reports that some lawyers are warning companies of potential policy “trapdoors” that could ultimately become a disadvantage.
Even those with "cyber insurance" finds it doesn't cover what they hoped and that small policies often aren't enough https://t.co/XUzJE2fVXU
— Jake Williams (@MalwareJake) October 24, 2016
Charles Bernier, an insurance broker with ECBM, told the Privacy and Security Forum in Washington that standardization for cyber insurance has yet to be put in place. He was quoted saying: “They are all different. The same word can be interpreted differently by two different carriers.”
Scott Godes, an insurance attorney, agreed, saying that the policies are “very difficult” to read, which makes it unclear what is being covered and what is not.
Until some sort of regulation for insurance policies of this nature comes into effect, companies will have to remain wary of both sides of the picture. On one hand, being susceptible to cybercriminals is a daunting thought, but on the other, being cheated by unscrupulous insurance companies could amount to the same kind of damage.