Vendors see a growing need for cyber insurance

Tuesday - 6/21/2011, 10:30am EDT

Larry Ponemon, chairman and founder, Ponemon Institute

Click below to hear the interview

Download mp3

By Courtney Thompson
Federal News Radio

After recent cyberattacks on major companies such as Sony, Lockheed Martin and CitiBank, more industries are protecting themselves with cyber insurance.

Like other insurance types--home, life, auto--cyber insurance provides protection in case of critical data loss or other virtual disruptions that impact the business or economic structure of organizations.

Although cyber insurance is not new, there is a significant demand for companies to invest in more cybersecurity, said Larry Ponemon, chairman and founder of the Ponemon Institute, which provides privacy, data protection and information security policy for organizations in the private and public sectors.

"I think organizations--because of fear and concern and the reality that cyber crime is getting worse--are really starting to think that this might be a good backup mechanism to reducing their risk," said Ponemon in an interview on the Federal Drive Tuesday.

Ponemon said the risk is growing to companies, including federal contractors, because of a lack of industry standards for securing systems.

"We know there are security standards in place, but there is a lot of variance across industries," he said. "If we do it correctly, we need to have a standard that insurance companies are comfortable with. But right now, standards vary by industry and organizational size, and are not mandated by anyone."

Ponemon said his organization is looking into the cost of data breaches to industry. He said for a breach of 1,000 people to 100,000 people, the cost for a company could be as much as $8 million.

"It's not just cash resources, but lost customer support and a lost of reputation," he said. "What will happen initially is certain features of a breach that can be measured will be insured, but other features such as soft cost may not be included initially."

As the number of cyber-related attacks increase, small companies are finding that they are not exempt from hackers or security intrusion.

Ponemon said small to medium-sized businesses are at a greater risk of security issues, because, in part, they have fewer resources for protection.

As for the future of cyber insurance, Ponemon said he expects demand to increase over the next two-to-five years, particularly for industries that vary in type and size.

"The industry is starting to blossom," he said. "Organizations fear cyber breaches or attacks and are starting to see this as a good back up mechanism to reduce risk."

Courtney Thompson is an intern with Federal News Radio.

(Copyright 2011 by FederalNewsRadio.com. All Rights Reserved.)

This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.