Cyber Insurance: Could It Actually Hurt?

Some of you may have noticed the increased interest in cyber insurance. Vendors are popping up from everywhere, sending their “experts” to be sources in articles on CNN, Wired, and others. Almost all of them are claiming the same thing – that a global cyber event imminent and that every organization could be the next Sony. When I first noticed the change in direction in which the wind was starting to blow, I thought it was a great step forward in cybersecurity awareness. After all, when people get bombarded with the increase of cybersecurity in the media and advertisement, some of it has got to stick, right?

Then another thought came to me. When organizations opt to invest in cybersecurity insurance, does that mean that executives are starting to lose faith in those of us who have dedicated our careers to the field? When executives make the decision to insure, will they be less likely to invest in necessary security controls? Instead, will they simply make sure that they remain in compliance with regulatory requirements, and then forget about additional concerns?

In any case, what do you guys think? I believe it is our responsibilities as cybersecurity professionals to do the best we can to protect our data, information processes, privacy, people, etc. In order to be successful, we need to make sure we are moving the chess pieces to the area of the board where they are most needed. As always, I want to solicit thoughts on this idea. If you have anything to add, please feel free to use the “comments” section below. The best information protection efforts and the advancement of the cybersecurity field are achieved through collaboration between like-minded people. Thank you for visiting!

Steve P. Higdon has been working in the information security field for over ten years, providing support and consultancy to several public and private sector organizations. Steve holds several industry certifications and can be reached via email at and on Twitter at @SteveHigdon.