Jun 16, 2006
Cyber insurance describes insurance products that can be purchased by organisations in an effort to transfer the financial consequences of IT security incidents. While such products have found growing popularity internationally, adoption in Australia has been slow and can be attributed to a lack in both demand and supply.
Currently, the most common approaches to cyber security utilise a combination of technology and operational/procedural solutions. While these mechanisms are often successful in managing the likelihood of a given incident, they are not able to determine with certainty the full financial cost of IT security – including both costs of protective mechanisms, and forecast losses associated with incidents – subsequently resulting in unfavourable scenarios for managers requiring predictable financial outcomes.
Insurance could potentially bring about a solution to the economic problem which exists as a result of cyber insecurities. With the aid key of players such as the IT security industry, the insurance industry and government, a mature cyber insurance market can deliver benefits for five functional groups: governance, management, security management, research and development and product procurement.
Download paper: stratsec - Tan - Economic Viability of Cyber Insurance.pdf