“Insurance delivers peace of mind”: that’s the time-honoured promise that brokers have always used to sell their services. But does this also hold true with the kinds of risk only found in the IT sector? This was the discussion we had with nic.at registrars at a roundtable meeting a few years ago. When the time came to update our registrar contracts we also decided to take a look at issues of liability and possible claims for damages in the domain business. And we soon saw that standard indemnity insurance policies did not extend to various cyber risks. At the time, specialist policies were few and far between – and expensive. Since everyone was keen to avoid placing an undue burden on registrars, the idea of introducing mandatory insurance for registrars was quickly shelved.

In the meantime a lot has changed in the insurance industry. More and more companies are offering special cyber insurance policies. Which is hardly surprising considering the ever increasing threat of cyber crime – as well as businesses’ acceptance that they themselves could be targeted: according to KPMG’s Cyber Security in Austria study conducted this April, 71% of respondents felt that cyber attacks were not fully preventable.

As a registry and operator of the Austrian Cyber Emergency Response Team (CERT) it is a subject that we take very seriously. We also know that it is not possible to eradicate every single risk. But we can try to mitigate them. Which is why we want to use this edition of the .at report to show where cyber insurance policies can help. And we give various experts the chance to share their tips to help you get the best out of them.

The statistic show that the number of cyber insurance claims in on the rise. And a 2015 Juniper study [1] estimates that the number will increase fourfold by 2019. We have outlined a number of typical scenarios for you on page x. They clearly show that companies of all sizes can fall victim to cyber crime ­­­– and that the costs associated with lost turnover and lost customers are much higher than the actual costs of the attack itself. 

The impact can be huge and range from financial losses and reputational damage, to bringing a business to a complete standstill. For these reasons, information security is not just an IT issue – it is something that calls for attention at the very highest level. One Austrian IT service provider shows that some bosses are now thinking beyond their own companies. He teamed up with an insurance company to offer an exclusive cyber insurance package for his customers. Navax boss Oliver Krizek explains why on page 5.

Cyber insurance companies have also found fellow campaigners elsewhere: the global CERTs have identified them as valuable partners and are looking to intensifying collaboration in future, as security specialist xx explains in an interview on page 6. A good plan, in our view. When it comes to security, every initiative that raises overall awareness levels is welcome.

The best insurance policy is always the one that you never need to claim against –  you can be sure of that!

Download .at-report 2/2016