The Problem with Cyber Insurance: Outdated Incentives


With the cost of a data breach rising under new laws like CCPA (effective 2020) and the existing GDPR (effective 2018), the cyber insurance industry's days are numbered. Are you ready?

Outdated Incentive Structure

Historically, protecting your data has been a very time-consuming and expensive commitment. For example, building E2E-Encryption into a product used to take on the order of $4.2M and a team of 4–5 security engineers over 2 years. In that world, cyber insurance presented an attractive low-cost alternative that limited the consequences of not having the resources to protect your data. With modern services, it is now possible to raise your data security bar quickly without those costs. For example, Peacemakr's free E2E-Encryption-as-a-Service with Open-Source SDKs could be used to encrypt everything.

Not only is the overhead of protecting your data dropping, but the cost of a data breach is increasing. GDPR carries fines of up to 4% of global annual turnover (or €20M, whichever is higher), and CCPA adds statutory damages per consumer per incident plus a private right of action. Both regimes also reward encryption directly: GDPR does not require notifying affected individuals when the breached data was rendered unintelligible (for example by encryption, with the keys not exposed), and the CCPA private right of action applies only to nonencrypted and nonredacted personal information. We may be entering an age where encrypting your data is both more effective and cheaper than buying cyber insurance.

Cyber Insurance Won’t Save your Reputation

Nothing kills a deal faster than mistrust. Even if covered by cyber insurance, a data breach will tarnish your reputation. Your top salespeople will leave because they will lose their commissions. Your marketing folks will demand a very expensive messaging pivot. The board will want to fire the CISO, and if you don’t have one, may suggest that you resign.

Screenshot from the Jumbo app reporting that a breach victim's address, email, and password were all sold on the dark web.

You might even end up as a talking point on podcasts and in Clubhouse rooms, discussed, for example, as "a16z's breach of the week." Your brand will become known as an event, a hard lesson learned, like Equifax.

Cyber Insurance Won’t Save your Data

Cyber Insurance may not be a Sustainable Industry

GDPR applies across the EU and EEA, and to any organization anywhere that processes EU residents' personal data, with fines of up to 4% of the company's global annual turnover.

With regulators cracking down on lax data security practices, cyber insurance's days are numbered.

What can you do to protect your business?

There are several drop-in security solutions available to help you protect your critical business data and systems from breaches. For example:

  • Snyk develops security analysis tools that identify known vulnerabilities in open-source dependencies, so you can avoid deploying vulnerable third-party libraries to your cloud.
  • Peacemakr offers drop-in E2E-Encryption-as-a-Service to help you quickly and efficiently raise your data security bar.
  • Sqreen built an application security monitoring and protection platform designed to be both powerful and easy to deploy.
  • ArmorCode simplifies software security with a single-pane-of-glass management portal for organization-wide visibility, control, and collaboration.

So, what are you waiting for?

15+ years of experience leading security; ex-Apple, ex-Pure Storage, ex-Symphony Communications; Co-Founder and CEO of Peacemakr; lives in San Francisco.