Can a cyber insurance policy keep businesses ahead of information-security risk?

Abstract

There is a fine line between information individuals are happy to share and information people view as private, and it is essential for businesses to understand this. In addition, internal stakeholders must now be individually charged not only with protecting the data the firm holds, but also how the firm uses said data. Awareness of the value of data is at an all-time high, with regulators now threatening significant financial penalties and sanctions for non-compliance. Businesses procuring a cyber insurance policy must learn the necessary best practice controls and processes to help in the event of an information security crisis. This paper addresses a number of questions, such as whether the growth of the information security industry will bring new and innovative approaches to mitigating risk; whether cyber insurance will be integrated into such solutions, providing businesses with new forms of protection; and whether purchasing cyber insurance can help businesses stay one step ahead of information security risk.