Companies are insuring without putting any cyber security in place


Financial services are at risk of relying too heavily on cyber insurance and disregarding preventative measures, a leading IT security firm has warned.

The financial services industry suffered 300% more cyber attacks in 2014 than any other sector, according to data published by security firm Websense, and principal security analyst Carl Leonard believes that there is an overreliance on insurance.

“The focus really needs to be on making sure that you have the best security possible, rather than simply focusing on cyber insurance,” Leonard told ITPro.

“Insurance is not going to solve the underlying root problem of being able to understand what threats you are faced with and how best to mitigate against them.”

Leonard stresses that the industry should not abandon cyber insurance, only that it should work in collaboration with IT risk management.

He added: “It might be that when we go into the cyber insurance details they want some sort of proof that a business has taken the necessary steps before their payout is valid.”

Insurance companies are already moving towards this. Aviva announced a cyber product in collaboration with IT risk management firm IDT911, where certain security provisions have to be met before the policy becomes valid.