Cyber Insurance for Business ContinuityIMA's Tim Burke on Managing Operational Risk
Cyber insurance covers more than the cost of breaches of data privacy; it can play a role in protecting against the cost of a cyberattack that disrupts business operations, explains insurance specialist Tim Burke.
See Also: 2016 State of Threat Intelligence Study
"Probably the biggest misconception is that if we're not housing a vast amount of confidential information that we don't necessarily have an exposure," says Burke, director of cyber risk at IMA, a Dallas-based insurance brokerage. But managing the potential risks and costs of a cyberattack that disrupts operations should be a priority for all organizations, no matter how much sensitive data they store, he contends.
"Any form of downtime or degradation, you can actually insure against that," he notes in a video interview at Information Security Media Group's 2015 Fraud and Data Breach Prevention and Response Summit Dallas. "We view that as probably a case where most companies have self-insured that by default. The more we discuss that, the more there is an awareness that's something they need to potentially either analyze or transfer off their balance sheet."
In this interview, Burke also discusses:
- Why operational risks are as important to quantify as privacy risks;
- Why cyberattacks against business operations are not necessarily covered by property and casualty insurance; and
- Why cyber insurance carriers need to become more familiar with the operational aspects of the businesses they are insuring to better estimate risk.
With more than 15 years of experience underwriting and selling cyber insurance, Burke has assisted clients in the energy, retail, hospitality, financial and healthcare industries manage the ramifications of high-profile data breaches and create custom risk transfer programs and loss control solutions. He is a frequent presenter at industry conferences.