IT risks and insurance

Written by Assaf

February 18, 2021

Insuring against IT risks in small and medium-sized (SME) organizations is becoming more important:

  1. The move to the cloud makes the employee endpoints the data hub. Employees download, process and upload data. Some data gets left on the endpoint and may get uploaded to known and unknown cloud applications.
  2. Ransomware encrypts and steals regulated sensitive data. Since these attacks are usually based on zero-day exploits (exploits for vulnerabilities that are not yet patched), they tend to generate correlated events where a large number of customers are affected by the same ransomware.
  3. Regulators are heaping more and higher penalties and fines. These are levied on top of the already expensive costs of remediating IT exploits. Examples of regulations with increased fines include GDPR, HIPAA, NIFRA and others.

The use case for data privacy products as used by insured companies is well known: verifying that the insurance limits are not exceeded. Having a good understanding of the type and amount of data kept by an organization is critical for this purpose.

For insurance companies, the combination of all three creates a situation in which the financial penalty is even higher: higher penalties coupled with a higher likelihood of facing a correlated event across multiple customers.

Existing cybersecurity tools like anti-virus and EDR can help protect against known vulnerabilities but are less effective against zero-day exploits, which result in correlated events.

Actifile’s approach is that, in addition to tools that address the risk of a technical way-in (tools that address vulnerabilities, malware and viruses), there is also a need to minimize the damage done during such an event. That is, to ensure that the amount of data that can be exploited is minimized.

Actifile addresses the data privacy liability associated with processing and storing regulated and sensitive data such as private data and IDs, GDPR regulated data, medical records, credit card data, government records and other types of data. While much of the data originated from well-secured cloud apps, much of it inevitably ends up on the users’ machines.

Since the liability associated with data is proportional to the type and amount of data records, Actifile (1) assesses the liability, (2) tracks and reports on this liability and (3) helps companies address unacceptable risk levels (for example, where the liability exceeds the insurance liability limits).

From an insurance perspective, this is similar to insuring a jewelry shop: you’d first measure the value of the jewels they have (how many carats and grams of precious metals they hold, etc.), and then, based on the value that needs to be secured, make sure that the jewels are locked up in a properly rated safe protected by an appropriate alarm system.
