Cyber Insurance and Incident Response – Essential Part of every Business Continuity Strategy

A study by UK Government (HM Goverment, 2015) estimated that 81% of large corporations and around 60% of small corporations suffered from cyber breaches in 2014 across various business sector in London and South-East England. For Germany and Central Europe, (Andreas Schmitz , 2016) shows that security incidents rose by a staggering 38% in 2015. The typical loss from the cyber breaches are data loss, outage, physical damage, privacy issues etc. In any kind, the organization suffers financially and/or a brand is damaged. It is therefore essential to be prepared to avoid such a breach but also to be backed up in case breaches actually happen. Cyber insurance (also known as Cyber risk insurance) is the answer to exactly this kind of concern. The cyber insurance providers and their insurance policies are able to cover or reduce the losses that an organization may incur because of cyber breaches.

Cybersecurity is not managed well

The research (ENISA Security, 2016) shows that despite of the regular attacks and risks that organizations face, only 21% have a good grasp of cyberattacks and risks and maintain Cybersecurity in an appropriate way. This means that a greater number of organizations still face the challenge. And for them, a cyber insurance would be a quick win.

When the cyberattacks are anticipated by an organization, cyber insurance providers are able to think about the losses that may occur because of it. This leads the organization to recognize the importance of the cybersecurity and cyber insurance. Ideally a good first step is to spread awareness among the employees regarding different types of cyberattacks and how to prevent them. Employees should be able to at least tell the difference between a phishing website and phishing email. This can be achieved by conducting regular security trainings and audits usually based on established standard such as ISO 2700x. These audits play an important role when the cyber insurance companies evaluate an organization for risk coverage. This data of covered security events and the claims against those events serves as a good platform for the insurance providers to formulate the coverage policies.

Cyber Insurances cover most types of damages

Cyber insurance at first was given little importance probably because either people failed to realize its importance or the concept was difficult to understand in the first place. The knowledge gained over the past years and the experience in handling claims in case of cyber has helped insurance providers to provide services with efficient management techniques and advanced analytics clubbed with risk assessment and breach investigations. They are able to form policies which not only cover the digital impair but also physical damages that are caused by the cyber breaches.

Majority of the cyber insurance companies covered almost all types of businesses; only a few of them made exceptions for the businesses that deal with e.g. payment services due to the high risk or gambling for ethical reasons. The cyber insurance companies usually have coverage models that fit the business depending on their size. The basic insurance coverage is divided into first party and third party where first party are directly covered by the insurance company and the third party coverage are the risks covered which affect the participants other than the insured or the insurer. Other types are Non-common coverage and extra coverage which include coverage for other critical business needs and resources such as revenue, digital assets, insider threat, forensics, fraud, legal costs, PR measures, ransomware etc.

Insurers first have to assess the preparation of the companies seeking the cyber insurance. This assessment basically evaluates the potentials risks a company faces and its readiness to deal with those risk scenarios. The risk assessments are based on, but not limited to good practices followed by the potential clients. The cyber insurance companies have now started to form common practices based on standards in order to evaluate the companies with same degree of consistency. There are many categories that the insurers evaluate while assessing risks for the clients. The generally focused categories are dedicated resources, policies and procedures, employee awareness, security measures, vendor management, Board Oversight and Incident response. Of these categories incident response is a critical factor; since it illustrates a client’s potential to handle the situation in case any cybersecurity incident occurs.

Own Ability to Respond

The insurer will evaluate, how many resources are dedicated in case an incident occurs and what are the processes followed. This evaluation is also to be considered not just for an isolated incident but also when many incidents occur at the same time. The main component on the incident response is considered the notification of the incident that it has occurred in the first place. The speed at which the notification is delivered to the concerned group or individual plays a significant role in the whole incident responses process.

The process of the incident response includes the fortification techniques which will stop or at least slow down the occurring attack. It also includes the ways in which limit the damage and reduces the recovery time and cost. In order to always be on top of such scenarios, it is always recommended that regular drill exercises are performed over regular intervals. Many incident response plan falls short because of either outdated and/or generic procedures and processes irrelevant for the type of attack or poor decision making bodies. This can be overcome by having individually redesigned response plans and having strong, quick and informed decision making bodies and internal and external coordinating techniques in case of attack. An ideal incident response plan should include at least following components:

  • Incident taxonomy: A common taxonomy that allows the participating parties to easily understand, share and standardize the security information.
  • Data classification frameworks: Classifying data in desired categories such as confidential, secret, top secret etc. and defining individual response plan for each category.
  • Performance objectives: These are best response steps along with the time limit of within which they should be executed.
  • Definition of response team operating models: Definition of the war-room protocols along with team structures, roles, responsibilities, escalation processes.
  • Identification and remediation of failure modes: Regular updates of response plan based on current cyber events.
  • Key tools to be used during response: Checklist of step-by-step instructions of what should be done in case of each type of attack along with clearly defined roles and responsibilities. It includes procedural guides, containment steps, eradication and recovery guidelines.

Incident Response as part of the Cyber Insurance

The insurance providers are now also providing Cyber Incident Response as a service as part of an insurance package. Such “central” Cyber Response services are able to efficiently manage the claims of the insurers. The insurers leverage the services from cybersecurity service providers who have appropriate resources, capacities and dedicated processes required for individual incidents and business sectors to efficiently deal with any and all kind of cyber risk incidents. This is an ideal solution for Small-and-Medium business, because they typically do not have the capabilities to operate its own Incident Response team or pay for a dedicated service provider.


The challenges of raising Cyber incidences can be overcome by spreading awareness regarding importance of cyber insurance and incident response. For all companies there should be procedures in place which will prevent or at least slow down an attack. If and when the attack occurs, there will be loss and this loss can be prevented or limited by having a properly and professionally calculated cyber insurance policy as part of your Business Continuity Plan which will help mitigate the risks not just for the insured but also its customers.


Andreas Schmitz . (2016, January). PwC Study: Biggest Increase in Cyberattacks in Over 10 Years. Retrieved from SAP News:

ENISA Security, E. U. (2016). ENISA: Cyber Insurance: Recent Advances, Good Practices and Challenges. EU.


Peter Rehäußer

Peter Rehäußer heads CSC’s Cybersecurity Consulting business in Germany. He has more than 15 years of experience in IT security consulting and management and has covered a wide array of industries throughout his career.

Facebook Twitter LinkedIn Xing 

Leave A Comment

Copyright 2017 21st CENTURY IT · RSS Feed · Anmelden