Cyber Security: To Insure or Not to Insure
Anthony says this is an area where there is no right answer, other than making sure that you have a well thought-out plan.
I moved to Brooklyn from upstate New York a little over a decade ago. At the time, I was driving a Subaru Legacy. I was a sports reporter and my job required me to attend events all over the state, so a car was a requirement. But when I decided to leave the newspaper business and move to Wall Street to write about financial technology-first at American Banker magazine and then at Waters-my car was basically only useful for late-night White Castle runs.
At the same time, I had accrued more than a few speeding tickets and my insurance was getting out of hand. So I made the calculation that having a car was not worth the effort and donated it to Kars4Kids (their jingle must have been stuck in my head) and converted our garage into a pool room. I was tired of handing my paycheck over to the insurance companies.
Insurance is a lot like taxes: No one likes to pay for it, but when it pays off, you begrudgingly acknowledge the need for it. One boom sector to get into right now is that of providing cyber insurance. At Waters' inaugural Cyber Security & Risk Management Briefing, held on September 22 in Midtown Manhattan, the topic of cyber insurance was raised by an audience member.
Jonathan Dambrot, CEO of Prevalent, noted that the sector is rapidly evolving, as we're only now seeing firms getting paid after a hack, which will cause insurance firms to readjust how they create a policy.
"The insurance companies that underwrite these things are really looking at things like threat intelligence and areas to pinpoint the risk of that supply chain, whether you're using a vendor or doing it internally," Dambrot said. "So in the years to come, I think you're going to see a lot more intelligence-driven approaches to cyber insurance. We're just now starting to see people get paid out on these policies, so we'll see if they're valuable or not. Clearly they're valuable, but just how valuable they are will shape out over the next few years."
Insurance is a lot like taxes: No one likes to pay for it, but when it pays off, you begrudgingly acknowledge the need for it.
[For more on the evolution of cyber security, read Anthony's feature on the subject here.]
A Tough Call
Josh Stabiner, chief information security officer at Pine River Capital Management, said his firm decided to forgo insurance, but instead has an aggressive approach toward due diligence of third parties. Pine River also keeps a cyber security firm on retainer in case a data leak occurs.
"When we went through what it covers, it turned out that it didn't cover trading-floor losses during a cyber event. It covers the cost of performing an investigation and remediating the attack. So we said that in that situation, we have a vendor on retainer; we know what the price is going to be per hour-yeah, it might be a large number of hours, but in that event we'll absorb the cost. We took a risk-based approach: What do we think the potential cost of this event will be, what is the likelihood of this occurring, and what is the cost of the insurance? From our perspective, it just didn't work out," he said.
An audience appeared incredulous at Stabiner's comments, asking what investors would say to that response. Stabiner explained that he had been in numerous operational due diligence meetings and had filled out a lot of due diligence questionnaires, and no one had called him out. "That's the answer we provide and no one has challenged us on it," he responded.
Beef Up
Capital markets firms need to take a risk-based assessment of their cyber defenses. If they want lower insurance costs, they must pay to be more sophisticated when defending against cyber attackers.
Pine River has been able to satisfy investor queries because it has a clear cyber framework that it can articulate to clients. Others will prefer the security blanket of paying for insurance.
This is a rapidly evolving space, so no one can say with certainty what the industry's best practices are. But if you aren't having these discussions with IT and at the board level, where everyone is speaking to one another rather than having instructions handed down to them, then your firm may well make the headlines for all the wrong reasons.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
Waters Wrap: GenAI and rising tides
As banks, asset managers, and vendors ratchet up generative AI experiments and rollouts, Anthony explains why collaboration between business and tech teams is crucial.
Ice moves to meet demand for greater cloud, AI capabilities
The exchange also outlined competitive advantages behind managing its data and cloud strategy internally during its Q1 earnings call on Thursday.
FactSet looks to build on portfolio commentary with AI
Its new solution will allow users to write attribution summaries more quickly and adds to its goal of further accelerating discoverability, automation, and innovation.
How Ally found the key to GenAI at the bottom of a teacup
Risk-and-tech chemistry—plus Microsoft’s flexibility—has seen the US lender leap from experiments to execution.
The IMD Wrap: Beginning of the end for data audits?
This week, there’s exciting news for data bean-counters in the form of a partnership between two vendors that could change the way we view and track data usage and audits.
S&P debuts Spark Assist genAI copilot, draws up ‘Blueprints’ of combined datasets
S&P’s Kensho subsidiary has rolled out new emerging tech products leveraging AI to explore and combine the vendor’s wealth of datasets to solve common use cases.
Nasdaq reshuffles tech divisions post-Adenza
Adenza is now fully integrated into the exchange operator’s ecosystem, bringing opportunities for new business and a fresh perspective on how fintech fits into its strategy.
Most read
- Northern Trust building internal cloud data ‘marketplace’
- Chris Edmonds takes the reins at ICE Fixed Income and Data Services
- Women in Technology & Data Awards 2024: All the winners and why they won