From the class discussion and readings, cyber security risk insurance seems to be a very risky business. I would not want to be in a company that works in that industry because the recent amount of large corporation hacks that have occurred. In my opinion, having cyber security risk insurance is like purchasing car insurance. You pay a monthly fee for coverage, but there are a whole bunch of restrictions. For example, you may only be covered for 30,000 miles or two years of having the car. There is bumper to bumper coverage, but a certain part may not be covered. You really have to dig down to through all the nitty gritty details to understand your coverage. With Cyber security risk insurance, it may not cover employees work credentials being hacked from their personal home computers. The coverage may only apply to work computers. It seems there are just too many possible point of infections to cover. If a company does purchase insurance, they will need to make sure they get all the details of the coverage.
A company should also not only depend on the cyber security risk insurance if they purchase it. The company should have cyber security trainings and best safe practices to keep employees safe from possible threats. The company should also be aware of the Bring Your Own Devices that employees may be using with work. BYOD’s that are not secure could be a problem for the company and may not be covered in a cyber security risk insurance.
One way that my company requires all faculty and staff to have is a password lock on their phones in order to view their email. If there is no password, they will not have email access. This lock makes it so if their phone is lost or stolen, it will be harder for the thief to gain access into their email.
All companies need to have security training for their employees to make sure they have the proper security measures in place to reduce possible attacks on the company. Having both cyber security insurance and cyber security informed employees are two ways to help mitigate attacks.