Over reliance on cyber insurance could lead to security breaches thanks to a distorted focus, a leading cyber expert has said.
Principal security analyst at global cyber security firm Websense, Carl Leonard, said that when company’s shift their focus to insurance rather than mitigation, they leave themselves open to attack.
“The focus really needs to be on making sure that you have the best [security posture] possible, so that you can work dynamically, embrace new technologies and work in a fast-paced environment, rather than simply focusing on cyber insurance,” Leonard told ITPro.co.uk.
“Insurance is not going to solve the underlying root problem of being able to understand what threats you are faced with and how best to mitigate those.”
Leonard stressed that companies will soon have to prove that they have exhausted all mitigation options as cyber insurance develops as claims will be paid according to stricter guidelines.
“It might be that when we go into the cyber insurance details that they want some sort of proof that a business has taken the necessary steps for their payout to be valid,” Leonard said.
“We can draw parallels with other industries, and we have seen that claims in the healthcare sector are already being disputed, so I think we’re going to get to the point where it’s up to businesses to show that they have necessary steps to show they have done all they can to mitigate risk.”