Cyber-insurance: a financial perspective to incident response
Pascal Lointier AIG Europe
download slides (PDF)
Based on a non-profit French survey, most SMI-SMB don't conduct a risk assessment even though they are more and more
dependent on information systems. Furthermore, and this applies to large corporates too, they have very limited dashboards
to measure the financial impact of security incidents: virus infection, data sabotage, business interruption or lack of
suppliers due to IT issues.
As a result, impact is much more damaging as they have not been able to do any (financial) risk transfer using
cyber-insurance. CISOs will thus know how to be refunded for their crisis management costs.
This presentation will explain the basics of cyber-insurance (data and computer resources) and the various direct and
indirect losses that could be refunded: lack of profit, investigation costs, ransom, extra hours, penalty fees, reputation
restoration, etc.
This insurance analysis could be a possible contribution to RoSI assessment too and will be detailed through some
scenarios.
