Cyber-insurance: a financial perspective to incident response
Pascal Lointier, AIG Europe
According to a non-profit French survey, most SMIs and SMBs do not conduct a risk assessment even though they are
increasingly dependent on information systems. Furthermore, and this applies to large corporates too, they have very limited
dashboards for measuring the financial impact of security incidents: virus infection, data sabotage, business interruption or
lack of suppliers due to IT issues.
As a result, the impact is much more damaging because they have not been able to make any (financial) risk transfer using
cyber-insurance. CISOs will thus know how to be reimbursed for their crisis management costs.
This presentation will explain the basics of cyber-insurance (data and computer resources) and the various direct and
indirect losses that could be reimbursed: loss of profit, investigation costs, ransom, extra hours, penalty fees, reputation
restoration, etc.
This insurance analysis could also contribute to RoSI assessment and will be detailed through some
scenarios.