back to article Insurers may have to adjust policies to reflect 'silent' cyber risks

Insurers whose policies could give rise to claims for damage as a result of cyber attacks may have to adjust their policies or premiums to better reflect these risks, UK financial services regulatory bod Prudential Regulation Authority (PRA) has warned. Firms should also carry out regular ‘stress tests’ to ensure that they are …

Silver badge

"56% of respondents to a survey confirming that they had a formal cybersecurity strategy in place"

I wonder if the AA was one of these.

0
0
Silver badge

Could it be a box ticking exercise?

Certainly sounds like one.

1
0
Silver badge

Re: Could it be a box ticking exercise?

Doubt it: the insurers see a big chance here and also a big stick with which to beat customers who, in the eyes of the insurers at least, were lax.

Wouldn't surprise me in the least to see the insurers buy into the IT security business.

0
0
Silver badge

Re: Could it be a box ticking exercise?

“The PRA expects firms to adopt a proportionate approach when assessing their non-affirmative exposures. The firm’s underwriting and risk management functions should play a key role in leading this effort,” it said.

More of a key role than the IT dept?

Seems like box ticking to me.

0
0
Anonymous Coward

Re: Could it be a box ticking exercise?

Doubt it: the insurers see a big chance here and also a big stick with which to beat customers

I think you're right. They see the opportunity to hike premiums anyway, and then disallow any claims as (by definition) the IT security wasn't up to scratch.

0
0
Anonymous Coward

Wonders aloud...

I wonder if any recent victims of cyber attacks are looking to make significant insurance claims?

0
0

Re: Wonders aloud...

I hope so, simply because I want to see what the results are.

Company: "Dear insurer, I decided to save money by not patching a critical system but still connected it to the internet with SMB wide open and I got ransacked by WCry. Please pay out on insurance"

Insurer: "......................."

1
0
Silver badge

Summing this article in one sentence

"We think we've found a semi plausible reason to extract more money (and urine) from our clients."

0
0
Silver badge

That said... Maybe the "cyber" (people still use that word?!) risk payouts should come from the bloody large fines dropped onto companies that are lax with their so-called security. Fines need to hurt if they're going to have any effect, otherwise such things will just be factored into the cost of doing business.

1
0
Silver badge

Fines need to hurt if they're going to have any effect, otherwise such things will just be factored into the cost of doing business.

In most ordinary businesses fines are an exceptional cost of doing business. In financial services fines are a routine operating cost. For both scenarios, fines rarely reduce director and employee incentive rewards, so the problem is that the fines (usually) don't have any impact on those whose behaviour needs to change - and even if they did, they're far too long after the important decisions were taken to have any bearing on the future decision making process.

If fines are to change behaviour, they need to directly affect those who are making decisions or specifically doing something wrong (like mis-selling), and that includes potentially going after people who left the company long ago, who have retired and are now playing the "helpless pensioner" card, and making sure that the internal and external auditors are also clobbered if they didn't identify relevant major risks.

1
0
Silver badge

This might put insurers in charge of company security policy

How can an insurer evaluate risk unless they have some insight into how the company manages its security policy? Once they find out how many systems are out of date or unpatched, and tell you "you will have a 600% increase in premiums next year unless you fix all these issues" the insurance company is basically in charge of your security policy from then on - they'll be sending out notices "please insure you have patched all Windows systems by July 15 if you want to maintain your Ransomware policy".

0
1
Anonymous Coward

Insurance Premium Adjusters...

I thought they had been deemed illegal & given an automatic death penalty?

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017