Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
- Veterans in Private Sector: Making the Transition
Shows & Panels
Vendors see a growing need for cyber insurance
Tuesday - 6/21/2011, 10:30am EDT
Federal News Radio
After recent cyberattacks on major companies such as Sony, Lockheed Martin and CitiBank, more industries are protecting themselves with cyber insurance.
Like other insurance types--home, life, auto--cyber insurance provides protection in case of critical data loss or other virtual disruptions that impact the business or economic structure of organizations.
Although cyber insurance is not new, there is a significant demand for companies to invest in more cybersecurity, said Larry Ponemon, chairman and founder of the Ponemon Institute, which provides privacy, data protection and information security policy for organizations in the private and public sectors.
"I think organizations--because of fear and concern and the reality that cyber crime is getting worse--are really starting to think that this might be a good backup mechanism to reducing their risk," said Ponemon in an interview on the Federal Drive Tuesday.
Ponemon said the risk is growing to companies, including federal contractors, because of a lack of industry standards for securing systems.
"We know there are security standards in place, but there is a lot of variance across industries," he said. "If we do it correctly, we need to have a standard that insurance companies are comfortable with. But right now, standards vary by industry and organizational size, and are not mandated by anyone."
Ponemon said his organization is looking into the cost of data breaches to industry. He said for a breach of 1,000 people to 100,000 people, the cost for a company could be as much as $8 million.
"It's not just cash resources, but lost customer support and a lost of reputation," he said. "What will happen initially is certain features of a breach that can be measured will be insured, but other features such as soft cost may not be included initially."
As the number of cyber-related attacks increase, small companies are finding that they are not exempt from hackers or security intrusion.
Ponemon said small to medium-sized businesses are at a greater risk of security issues, because, in part, they have fewer resources for protection.
As for the future of cyber insurance, Ponemon said he expects demand to increase over the next two-to-five years, particularly for industries that vary in type and size.
"The industry is starting to blossom," he said. "Organizations fear cyber breaches or attacks and are starting to see this as a good back up mechanism to reduce risk."
Courtney Thompson is an intern with Federal News Radio.
(Copyright 2011 by FederalNewsRadio.com. All Rights Reserved.)
This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.