Insurance companies typically have decades of data, if not more, on which to base their risk estimates.
That’s not the case with cyber risk, however. There’s very little historical data available, the data is not complete, and the threat landscape doesn’t just change year by year, but day by day. There isn’t even a standard set of definitions that everyone can agree on.
That’s starting to change, as insurers expand their services so that they can better educate their customers about cyber risk and even help them defend against attacks before they happen and deal with the fallout of when a breach does occur.
I say potahto
One of the first problems when it comes to buying cyberinsurance is that nobody knows exactly what it means. Corporate financial officers, security managers, and insurance brokers have different understanding of risk, for example.