Cyber insurance can impede real security
Financial services industry is at risk of depending on insurance rather than knowledge in fight against attacks
The financial services industry is placing its trust in cyber insurance rather than companies ensuring their own security defences are up to scratch, it has been claimed.
The sector suffered 300 per cent more cyber attacks in 2014 than any other sector, according to research published by security firm WebSense in its 2015 industry drill-down report for financial services. It also found that certain malware families were observed up to 400 per cent more frequently in financial services than the norm.
However, the investigation also found evidence that companies operating in the area may be putting their faith in the relatively new field of cyber insurance rather than ensuring they are as secure as possible.
Carl Leonard, WebSense's principal security analyst, told IT Pro: "The focus really needs to be on making sure that you have the best [security posture] possible, so that you can work dynamically, embrace new technologies and work in a fast-paced environment, rather than simply focusing on cyber insurance.
"Insurance is not going to solve the underlying root problem of being able to understand what threats you are faced with and how best to mitigate those."
That is not to say that insurance should be abandoned altogether, though. Rathermore, it should be a part of the security patchwork.
Indeed, according to Leonard, if a company takes the approach of being as prepared as possible, they may also come off better if there is a breach both in terms of being more prepared in the face of future, similar attacks and filing an insurance claim.
"It might be that when we go into the cyber insurance details that they want some sort of proof that a business has taken the necessary steps for their payout to be valid," Leonard said.
"We can draw parallels with other industries, and we have seen that claims in the healthcare sector are already being disputed, so I think we're going to get to the point where it's up to businesses to show that they have necessary steps to show they have done all they can to mitigate risk," he concluded