Need for cyber-insurance heats up, but the market remains immature: According to a survey conducted by Veracode and NYSE, 91 percent of 276 companies said they’d purchased cyber-insurance covering business interruption and data restoration, with 54 percent indicating they had also purchased coverage for expense reimbursement in the case PCI fines, breach remediation and extortion, for example. Some 52 percent of companies are purchasing coverage in the event of data stolen by employees. And 35 percent are seeking coverage against loss of sensitive data caused by software coding and human errors.
While the need for the insurance may be clear, obtaining coverage can be a frustrating experience. It certainly was for Wiora, who is close to picking a new cyber-insurance policy after several months of shopping. He was surprised by the lack of due diligence some insurers exhibit as they evaluate prospective customers for coverage. Cyber insurers typically require potential clients to complete lengthy questionnaires, often ranging from 150 to 300 questions, designed to determine whether they use encryption, as well as how their firewalls and password authentications are set up.