Business insurance should include IT risks
March 29th, 2011
Most companies neglect to manage their exposure to natural disasters, emergencies, and service disruption, according to insurance data research.
Business continuity management and emergency response could determine the survival or closure of a business, writes Karin de Kock of PSG Konsult short term insurance.
“It is a natural human tendency to believe that ‘it would not happen to us’. Brokers often have to assess and rate insurance clients’ exposure to emergencies.”
Obvious risks include storm, fire, flood, lightning, death of a key staff member, fraud, data loss, incidents, and legal claims. Most organisations are subject to unique risk profiles.
The quality of contingency and business continuity plans could determine sustainability. Organisations have to recover as quickly as possible to limit loss of trading time and income.
Appropriate insurance cover could save an organisation, and good enterprise risk management could save the organisation and the insurer time and money.
Cyber and IT risk insurance
“Businesses usually consider natural disasters and traditional incidents, but new technology has brought with it a host of new equipment, data, skills and services to manage”, writes Karin de Kock.
Cyber insurance is a must-have, yet standard insurance policies do not yet specifically cover IT incidents or cyber loss.
New technology brings higher liabilities. The internet implies more risk exposure, and cyber liability insurance has developed as a result.
IT risk management and insurance cover are essential to insure organisations against unauthorised access, destruction of data, theft, hackers, malicious code and breaches of information.
“We have to engage cyber risks pro-actively to minimise or prevent our potential losses. Companies, including insurance companies, have had to enhance their electronic processes to improve services, marketing, and availability to customers”, according to Karin de Kock.
ISO IEC 27001 extract
Insurers have some in-house experience of cyber risk assessment and management. Risk managers specialising in IT and cyber risks could follow the global information security management system standard, ISO IEC 27001.
The ISO 27001:2005 standard on information security is relevant to all forms of data, including documents, forms, minutes, memos, recordings, drawings and photographs.
PHOTO: Karin de Kock of PSG Konsult short term insurance advises IT users to educate employees on IT risk management.