VIEW 30
Parkerian Hexad: Insurance mapping
Insurance policies differ in wording and scope depending on the underwriter. Brokers, having fully comprehended the client’s specific needs, provide valuable guidance as to the type of policy and the extent of cover that best fits these requirements. Good communication between the client, the broker and the underwriter at inception is essential to ensure there is no misunderstanding later if and when claims are made.
Below is a list of the types of insurance cover that are generally available from many underwriters in the market. This is not an exhaustive list, nor is it meant as a substitute for full and proper consultation with a qualified expert. In View #28, we explained the Parkerian Hexad model of asset security attributes. In the diagram above, we show how the different types of insurance cover match up with those six attributes.
Data Restoration Covers the costs associated with the replacement, repair or restoration of assets damaged in a cyber-attack or an accidental failure. This maps primarily to the integrity part of the hexad and to a lesser extent to availability.
Breach Costs These are the costs of employing a forensic team to investigate the breach. They regularly include the costs associated with notifying customers of lost data, credit monitoring, call centre services and PR efforts. It maps to the possession attribute of the hexad.
Privacy Liability Covers third party liability for settlements arising from the failure to protect confidential information. It maps to the confidentiality part of the hexad.
Cyber Extortion Coverage for losses incurred from extortion, of which a ransomware attack is a good example. This maps primarily to the utility part of the hexad and to a lesser extent to confidentiality.
Business interruption This covers lost income and extra expenses caused by the failure of computer systems and networks. It maps to the availability part of the hexad.
Fraud and e-theft This is coverage of costs associated with theft or fraudulent transfer of funds and other property of value from cyber-attacks such as ‘man in the middle’ spoofing. It maps to the authenticity part of the hexad.
There are, of course, many other types of insurance cover available. Examples include cover for failure of a third party’s systems like a cloud provider (see View #34) or reputational damage. The intention of the above diagram is simply to demonstrate that the six key security attributes for cyber defence have a direct counterpart in terms of coverage available in the insurance market.
