A New Kind of Insurance

A few years ago, I flew down to Florida to talk with some large insurance companies about this new cutting-edge market for “hacking insurance” (aka cyber insurance), and what I found out while talking to these companies blew my mind.

It turns out that many large companies now want to protect themselves from the costly threat of being breached, so they look toward purchasing cyber insurance. It was a newer concept at the time, and I was just discovering how much potential this market had. This multi-million-dollar market for hacking insurance has popped up out of nowhere and is well on its way toward being a $3B industry by the year 2022. Many insurance companies are interested in bringing development to this cutting-edge market, but there are a few obstacles to overcome.

Let’s talk about how cyber insurance works. Purchasing cyber insurance will typically cost your company between $20k-$50k per million dollars in coverage annually. Then, there are deductibles. There’s still a missing piece of the puzzle and it’s the biggest one: the overall security of the company looking to become insured. This will ultimately determine exactly how much the organization will be charged for coverage, and what type of coverage they can receive.

Think of it this way: if your home were directly on the ocean in Florida, where I spoke with these insurance companies, you would be much more likely to experience natural forces that could ruin your house. For this reason, it’s a bigger risk for insurance companies to insure you. If they’re going to accept that risk, they’re going to want more money for your policy, because they’re more likely to have to pay for damages to your home down the road.


The same is true of cyber insurance. If an organization takes rigid measures to ensure that its organization and client data remain safe, it’s significantly less likely that an incident will occur or be handled poorly. Any insurance company would look at the low risk and be willing to insure that company completely — and for less money.

However, this is still a relatively new concept. Underwriters find it difficult to pinpoint proper premiums that will adequately insure these businesses without undercharging and leaving themselves in a financial quandary. It can also be challenging to determine what the risk thresholds are that would cause an insurance company to charge a client more, less, or simply not insure them at all.

The Cyber Insurance Metric

So, what if there was a measure to calculate this for insurance companies looking to sell cyber insurance? What if there was an all-inclusive security analysis for a company that considers all aspects of the organization’s security? What if this analysis included everything from policies, to physical networks, to technical controls? And what if it gave us a reliable and readable analysis — an industry standard that everyone can understand?

There is an information security analysis that will do these things. It’s called S2SCORE. Purposefully built on the same scoring scale as your individual credit score and considering administrative, technical, and physical controls of a business, this assessment is an all-encompassing score that can be easily understood by virtually anyone, even people who know little to nothing about cybersecurity.

Using an assessment system and scoring metric like S2SCORE has direct benefits to insurance companies and the companies they look to insure. Not only does a credit-like score give insurance organizations an immediate understanding of the security level of the companies they look to insure, but it also gives those looking to purchase cyber insurance an understanding of how much and where they need to improve to avoid cyber risks.

Ultimately, S2SCORE is the answer to the cyber insurance conundrum. With it, insurance organizations will know exactly how much risk they’re taking on by insuring any given company, and that company will have a better understanding of where they can make improvements to keep their data safer. It’s a true win-win for all involved: the insurance company, the company seeking cyber insurance coverage, and the entire industry.

To learn more about S2SCORE, and other important information security services that can make an impact for your organization, visit frsecure.com.
