The expert Cesare Burei, broker and insurance advisor, explains in this article published by Agenda Digitale, the reasons why companies can no longer pretend to nothing when faced with cyber threats: prevention is the first priority, but the threat is always just around the block, and insurance coverage helps to solve the many problems and costs that the occurrence of cyber attacks and data breaches may entail.
Do we need to insure when we are concerned about the consequences of our business IT issues?
Yes, we do.
Insurance can be a good economic parachute, especially for cyber accidents which, due to the digital pervasiveness, can have important direct and indirect effects on the company’s budget.
It is good to be proactive by programming analysis and investment in a quiet moment rather than reacting on the emotional wave after an accident.
The effectiveness of the insurance is proportional to the adoption of a risk-based approach in the management of the company and to a good “insurance culture”. Taking up the circular model proposed by ANIA, it would be advisable to envisage:
- to carry out an analysis of the relevant ICT and ICT risks;
- to develop and implement a plan for the implementation of risk mitigation measures affecting processes, staff training and technology;
- to “transfer” extraordinary and high-impact risks to insurance companies.
The cycle must start again from the regular risk assessment.
At the same time, it is important to ensure that the IT systems (hardware and software), devices and the web are subject to a permanent supervision and updating process.
The insurance, with the so-called cyber policies, can in this context be effectively constructed so as to compensate for costs and damages deriving from ICT accidents and, in addition, to provide crisis prevention or management services.
Cyber policies typically cover:
- damage and costs;
- consequences of downtime;
- consequences of GDPR-privacy breaches;
- liability towards third parties;
In order to deal with IT risk mitigation from an insurance standpoint, it is advisable to apply the analysis and improvement model to ICT critical suppliers and to verify their insurance coverage, in particular with reference to ICT Professional Liability. The security of the supply chain, also from an insurance point of view, guarantees safety for everyone.All rights reserved