The cyber insurance industry in Asia is heating up, with more leaders recognizing that cyber threat can in fact have crippling consequences for organizations that are becoming increasingly digital. This is but one of the key cybersecurity trends to watch in early 2016, says Carl Leonard of Forcepoint.
"Cyber insurance industry is still in its infancy. As organizations look to spread the financial risk from from data breaches, cyber insurance is going to become a norm in 2016," says Leonard, principal security analyst at Forcepoint, formerly Raytheon Websense. "However, even now, it is very difficult in cyber to judge the exact financial cost of an incident should a breach occur."
Insurance companies are going to refuse payments for breaches caused by ineffective security practices, while premiums and payouts will become more aligned with underlying security postures and better models of the cost of an actual breach, he says. To some extent, insurance companies will affect security programs, as requirements for insurance become as significant as many regulatory requirements, he believes.
Leonard anticipates cyber insurance maturing in 2016, and that insurers will look to inform themselves better by turning to subject matter experts to figure out the cyber risk for particular industry sectors. Insurers are going to insist on evidence to support existing security processes, so that an accurate picture of the organization's risk can be determined. Cyber insurance will dramatically disrupt the way the security industry operates, he predicts. (Also listen to: 2016: Year of the Empowered CISO?)
Among other predictions, Leonard believes payment gateways, wallets and other technologies are going to impact payment security more than EMV in the coming year, and that the aging infrastructure that is still in use today is going to cause majpr problems for defenders in the coming year. (Also listen to: 2016: The Year Hackers Exploit the Cloud)
In this exclusive audio interview with ISMG (player link below image), Leonard shares insights for some of the disruptions that he expects will take place in security in 2016. He speaks about:
- Security trends in Asia and around the globe;
- The changing compliance landscape;
- Some near-term predictions for the next three to six months.
Leonard is the Principal Security Analyst at Forcepoint's labs, and leads the EMEA team. He has over 10 years' experience in the security research and is responsible for enhancing threat protection and threat monitoring technologies, in collaboration with the company's global Security Labs teams. Focusing on protecting companies against the latest cyberattacks that can lead to data theft, he advises customers on the state of the threat landscape and how to enhance their security posture.