For years the insurance industry has invested in incentive programs to help reduce risk and prevent claims. For example, health insurers may lower premiums to encourage good lifestyle choices, just as carriers may offer discounts when homeowners install smoke detectors and security systems. A recent Information-Management article explains that these incentives are a win-win for policyholders, who can invest their savings in a safer home or healthier lifestyle, and for the insurance company, due to a reduction in claims. If discount incentives are proven to reduce risk, theoretically an organization with the latest cybersecurity technologies and proper cybersecurity policies will be less likely to file a claim after a cyber-attack or data breach.
Although the cyber insurance market is beginning to gain traction, the industry is still young and many organizations are not taking cyber-threats seriously, despite brokers’ encouragement to purchase cyber insurance as a stand-alone policy. While a cybersecurity incentive policy would theoretically reduce cyber-risk, there are several reasons why carriers have been slow to adopt such policies. For one, cyber insurance is not regulated the same way auto and home insurance are – policies vary drastically and prices are not standardized. Additionally, an organization with the best cybersecurity is still susceptible to a breach due to employee negligence. How can one guarantee an organization is keeping up with best cybersecurity practices? Nonetheless, as the market matures, discount incentives could serve as a motivation to purchase a cyber policy as well as to improve an organization’s cybersecurity posture on the front end.