Cyber-insurance policies are becoming more popular, but does your company actually need one? CIO Insight Reporter Debra DAgostino spoke to Gartner Research analyst Vincent Oliva to find out what CIOs should keep in mind when considering such policies. An edited transcript of Olivas remarks follows.
CIO Insight: Where did cyber-insurance originate?
Oliva: It started with Y2K back in the late 1990s. As cyber-risks became more prevalent and companies got more involved in e-business, the insurance industry looked at this and said that normal corporate policies didnt cover cyber-risks, they were really more for physical types of risk and exposures. Insurance companies had not considered in their underwriting and in their pricing of insurance the whole issue of cyber-terrorism, cyber-risk and hacking. So what the insurance companies did, and historically have done on similar issues, was start to put exclusions on their existing policies for losses that would evolve out of cyber-risk. Then they started to examine cyber-risk and develop actual insurance products that they could go out to the market and sell. So the first cyber-insurance policies hit the market in early 2000. The adoption rates today are roughly about $100 million in insurance premiums that have been sold in the market for cyber insurance since 2000. The earliest adopters of cyber-insurance have been the businesses that are really heavily relying on e-business. The financial services industry has really led the pack on this.
Why are these policies gaining popularity now?
Cyber-viruses and hackers are becoming more of an issue. Sept. 11 actually, from the entire security point of view, raised the awareness of it, so I think if anything, Sept. 11 was a catalyst to increase the awareness and the adoption of cyber-insurance purchases.
How do companies go about getting cyber-insurance?