The cyber insurance premiums were a $2 billion business in 2015 and current projections show it to grow over $20 billion in 10 years by 2025. However, lack of actual data is what bothering the insurers. Below are some of the suggestive parameters that need to be worked out for the expanding industry.
The cybersecurity insurance is not like the auto, home and life insurance segments as it does not have highly accurate data to analyze. Under such circumstances the insurers need to rely more on security readiness assessments while determining the amount of potential risk that a company carries. Independent third parties will be performing such assessment jobs by evaluating several factors like value of data, amount of data, locations of data and protections used.
Incident Response Plans
Companies may be asked to develop incident response plans to spell out steps and ensure those are followed in exact in the aftermath of data breach. It is learned six key parts need to be followed and those are preparation, identification, containment, eradication, recovery, and lessons learned as well.
Security FICO Scores
Similar to credit scores the industry need to come out with security FICO scores to measure credit worthiness of companies.
Monitoring tools need to be added in the network to help companies analyze data in real-time.