Last updated: 
1 week 1 day ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Incident Response and Insurance: Opportunities to Collaborate?

Thursday, June 16, 2016 - 23:07

At the FIRST conference, Eireann Leverett and Marie Moe discussed a number of areas where incident response teams and insurers could usefully collaborate.

At present some cyber-insurance policies can seem expensive. One component of the cost is the contingency fund that insurers have to maintain in case their assessment of the likelihood and size of claims is wrong. In a new area such as insuring against digital incidents, a shortage of data means there may be considerable uncertainty involved in those assessments. That means large contingency funds, which contribute to high premiums. Many incident response teams have a lot of information about past incidents, which might help insurers reduce that uncertainty. For that to work, however, we need to be able to provide information about the cost of incidents, something that not all incident response teams collect. If you do have, or can obtain, that sort of data, Eireann and Marie would be happy to put you in touch with insurers who can use it.

That’s mostly about incident response teams helping insurers, but there may also be opportunities for insurers to help incident responders. Although there’s a tendency to think of insurance for rare, high-cost events, insurance companies also deal with relatively common problems - burst pipes, burglaries and similar. And - particularly when helping individuals, householders or small businesses - they often provide practical, as well as financial, help. When you make an insurance claim you’ll be put in touch with plumbers, carpenters, glaziers, or other local businesses that can resolve the immediate damage. It turns out that some insurance companies are already extending this to digital assistance: Eireann reported one instance of a small business insurance policy helping to remove ransomware from a customer’s computer. If that sort of help fits into insurers’ business models then it might be an alternative way to deal with things like virus infections as well.

Finally, it's worth noting that just because your insurance policy doesn’t say "cyber" doesn’t mean it won’t cover accidents involving your computer. Policies for professional, business or household activities may not distinguish between those events taking place in the physical world or on line. Whether you're buying a new policy or using an existing one, check the exclusions. If the worst does happen, your insurer may be worth a call.