Or so says corporate underwriter and veteran cyber insurance provider, Lloyd's of London, in a BBC article last week:
Any company that applies for cover has to let experts employed by Kiln and other underwriters look over their systems to see if they are doing enough to keep intruders out. Assessors look at the steps firms take to keep attackers away, how they ensure software is kept up to date and how they oversee networks of hardware that can span regions or entire countries.
Sadly, as the article goes on to say:
After such checks were carried out, the majority of applicants were turned away because their cyber defenses were lacking.
The article notes a great uptick in the last year in the number of energy sector firms seeking cyber coverage, but it doesn't posit a reason for the sudden rush. Questions immediately spring to mind:
- What is the audit or investigation like that Lloyd's puts applicants through?
- What is examined?
- Who is interviewed?
- Is this only data/privacy breach cyber insurance being discussed or is business continuity also on the table?
- Are any technical tools used?
- Are third-party risks evaluated?
I am confident someone knows the answers to these questions, but I haven't been able to find him/her yet. But when I do, it'll be to tease out the most common energy-sector-specific shortcomings and then build a roadmap to an insurable state.
Here's the URL for the full article: http://www.bbc.com/news/technology-26358042
Image credit: Govtech.com