Why Your Data Matters: Cybersecurity and Cyberinsurance
In the wake of increased credit and debit card security breach, companies that handle sensitive information pertaining to their clients are constantly seeking better ways to secure the data of their clients. Think of Amazon, eBay, PayPal, major banks and other enterprises which store credit and debit card information on online servers. In as much as this decreases the need to constantly enter credit card information while shopping online for instance, it brings about the need to ensure that the data is secure. The increase in the number of breaches may worry the clients and thus decrease sales which would in turn would mean that the company will incur loses. As a result, cyberinsurance has become a big boom in the recent past as more companies seek to defray the losses in the event of a data breach. In this blog entry, I will seek to explore whether the sudden interest in cyberisurance is just mere response to the cybersecurity issues or it may be a result of network effects both direct benefit and information cascades.
The recent breach at Home Depot (link below) has seen the Dollar Bank reissue cards to the customers that were affected. This is similar to the response the Bank of America had when “about 40 million cards were affected at the Target breach” (Forbes, “Home Depot Data Breach Banks Response is Critical to Consumer Reaction”). Another response is that banks improve the security of the credit and debit cards they issue their customers. This yields a direct benefit for both the customer and the bank as the customer would enjoy better security and thus feel more confident about using the service whereas the bank will not only secure customer data better but also retain its clientele. However, looking at this with a “business mind”, it would seem that there is a high possibility that more people would subscribe to their services if a bank improves the security of its credit card service. And/or, it may be viewed as a preventive measure if a bank may implement a better security system for their credit card service due to the sudden increase in cyberattacks. On the other hand, thinking about this in terms of the information cascades phenomenon, one bank would imitate another bank which improves the security of its credit card service possibly due to social pressure in the bid to be a formidable competitor in the banking service or the mere fact that one bank improves credit card security because they have more information. In this case the information they know may involve cyberattacks, its increase and way to combat it.
In turn there would be the need to insure the venture in the event that a data breach occurs regardless of the improved security system. Consequently, cyberinsurance will increase as a response to the issue at hand. And indeed more companies have introduced Risk Management departments in their firms that directly deal with cybersecurity . Does this then mean that more insurance companies will offer cyberinsurance packages? And that more companies not only those dealing with sensitive data will acquire cyberinsurance?
Indeed, the trend both now and in the future is that more companies will start offering affordable insurance packages for both large and small-sized companies and also more companies would seek to get cyberinsurance. This would be a response to the problem at hand as it becomes an issue of corporate survival rather than a far off possibility. It then leads to the incorporation of cyberthreats as a hazard of equal magnitude to those often considered during enterprise risk management in addition to insurance risk transfer mechanisms. It would then follow that as more companies adopt the insurance scheme they would influence other companies which they may be directly or indirectly related to adopt the insurance scheme and in terms of a cost-benefit analysis (direct-benefit): in the event that there is a data breach the company would still have part of its losses defrayed due to the insurance risk transfer mechanism.
It goes without saying that the market for cyberinsurance would grow unboundedly in the next couple of years given that as hackers develop more clever ways to breach data systems, there would be need to evaluate strategies and develop better security systems and more accommodating insurance policies. It may be safe to assume that the belief system would encourage companies to get cyberinsurance as one of the key ways to manage the risk of cyberattacks. It will be a dominant strategy for a company to have cyberinsurance.
This is a brief insight on Cybersecurity and Network Effects and Cyberinsurance.
http://www.forbes.com/sites/paularosenblum/2014/09/19/home-depot-data-breach-banks-response-is-critical-to-consumer-reaction/
http://www.businessweek.com/articles/2014-02-14/hack-resistant-credit-cards-bring-greater-security-at-a-big-price
http://www.washingtonpost.com/business/capitalbusiness/cyber-insurance-becomes-popular-among-smaller-mid-size-businesses/2014/10/11/257e0d28-4e48-11e4-aa5e-7153e466a02d_story.html
http://blogs.law.harvard.edu/corpgov/2014/11/13/cyber-security-cyber-governance-and-cyber-insurance/