Today’s cyber risks come in all shapes and sizes, from disclosure of protected information due to hacking or employee negligence through network shutdown or impairment, regulatory violations, and everything in between. Painfully aware that 100 percent cybersecurity is an impossibility, smart companies no longer focus exclusively on building cyber defenses. Instead, they are taking an enterprise approach to managing cyber risks, which includes development of a cybersecurity program that places attention on a number of issues, including network security, employee training and third-party risk. Even then, however, some cyber risks will remain.
Instead of simply living with those residual risks, more companies are taking a holistic approach to cyber risk management, which includes transferring residual cyber risk through insurance. Although it is no substitute for appropriate policies and practices, cyber insurance that is appropriately tailored to a company’s unique risk profile can be a key component of an effective cyber risk management program.