Centrify Perspective

August 30, 2016, by Dean Thompson

How to Avoid Rising Cyber Liability Insurance Costs

Insurance companies are getting tired of footing the bill for corporations that continue to get breached. Frequently, these breaches are the result of either weak policies or someone not following the policies that are in place. Let’s face it, people are the weak point in most security plans, and the problem isn’t solving itself anytime soon.

The result is that your insurance company is getting into the security business to make sure that the people they insure are not a risky investment. This may be covered in your professional errors & omissions insurance, but more and more customers are asking anyone who handles customer information, patient data, service providers or PII data to provide what is called “cyber liability insurance.”


Examples of Cyber Liability Insurance

Let me explain what cyber liability insurance would cover for you. The policy you have will determine what it covers, but some good examples of what a typical policy covers are outlined below:

  • Coverage for legal fees and computer forensic costs in the event of a security or privacy breach
  • Regulatory fines and penalties included under Security Event Costs and PCI assessment coverage available by endorsement
  • Customer notification expenses include legal expenses, credit monitoring, postage and advertising
  • Comprehensive interruption expenses coverage, including income loss
  • Coverage for damages to third parties caused by a breach of network security
  • Definition of claim includes a demand for monetary and non-monetary damages

The next part of the policy will be “first-party costs,” which include the costs to the insured organization (you) and are related primarily to restoring computer functionality, business interruption costs and forensic investigations. Here are some examples:

  • Loss of digital assets coverage
  • Non-physical business interruption and extra expense
  • Cyber extortion
  • Cyber terrorism
  • Security event costs

Finally, there are “third-party costs,” which include fees paid to retained specialists for services related to litigation, responding to regulatory investigations and requirements, governmental inquiries, credit monitoring for impacted customers, public relations, notices and communications to consumers, customers, and other third parties, and other liability management issues related to the data breach. Here are a few examples of those:

  • Network security and privacy liability
  • Employee privacy liability
  • Electronic media liability

Why Cyber Liability Insurance is Important

When you have had a breach and you have to start notifying all of your customers, provide them with free credit monitoring, etc., it is your insurance company that is paying a lot of the bill, not to mention all of the fees involved in the actual investigation. There are some great companies that specialize specifically in this area, such as Halock Security Labs, that can help you with your investigation.

When you have a breach, and chances are you will, you will be happy that you have spent the time to get the proper cyber liability coverage. According to the Experian 2015 Data Breach Forecast, almost half the organizations they spoke to had a security incident within the last year. However, there’s a catch: insurance companies have found that a company’s security posture is a good measure of how much of a risk it is to insure. Because of this, you are seeing a shift in the industry requiring customers to prove to their insurers that they are secure, and how well they score determines what they pay in annual costs. Customers that continue to do the following things are seeing their rates increase and may soon find themselves uninsurable:

  • Sharing accounts
  • Not having users perform actions as themselves
  • Not enforcing least access privilege
  • Not having an audit trail of what administrators and application owners do on their systems
  • Not utilizing multi-factor authentication (MFA)


I have seen many Technical E&O (errors & omissions) policies include a coverage exclusion for failure to maintain software and/or hardware to industry best practices standards. Those policies usually include questions in the application process detailing data security practices. Those applications become a warranty and part of the policy. Therefore, if a company does not have or implement the required standard, their coverage may be voided.

Most carrier applications now have questions regarding vendors or services used to implement best practices or audit network security. Answers provided allow underwriters to review the procedures, make some risks more attractive than others and allow for more competition and potentially better terms and conditions and lower pricing.

Most insurance policies now require prompt reporting of breaches, whether or not a claim is made. The insurance company wants the insured to take advantage of all resources (forensics, crisis management, etc.) that may be either a benefit offered by the carrier or warranted by the insured to help mitigate losses.

Furthermore, having an incident response plan in place and designating a team to execute that plan prior to a breach contributes significantly to mitigating data loss and the corresponding fraud and identity theft that follow an unauthorized breach of data.

The most effective way to purchase cyber security insurance is after an enterprise has created and implemented an incident response plan, along with the other components of a comprehensive information security plan, so that they better understand what their insurance needs are and can enjoy lower rates because they have adopted best practices.

Learn about how Centrify can secure your enterprise here. 
