Little did I know when I created my simple LinkedIn poll on ideas for renaming Cyber Insurance that we would receive 122 votes and 27 comments. Since it is now closed, here are the results:
The poll was limited in that it required the participants to choose from 5 names, and did not allow an answer of ‘none of the above.’ Happily, some of the comments included their own suggestion.
Summarizing the poll results:
- Information Security Insurance – 63 votes (52%)
- Network Security Insurance – 23 votes (19%)
- Privacy Insurance – 16 votes (13%)
- Data Breach Insurance – 14 (11%)
- Network Breach Insurance – 6 votes (5%)
There were several suggestions offered up; some of the more creative included:
- Complete Data Breach insurance (which tried to get at a description of all kinds of data, not just electronic, which is an important distinction; won’t fly with the insurance industry, but I like the attitude)
- Information (or Data) Wellness insurance (doing healthy things to better manage exposures)
- Information insurance (to simplify the name, similar to life insurance, auto insurance, fire insurance, etc.)
And there were some great comments, such as:
- The term Cyber focuses insureds too much on technology risk, and may encourage investments in technology solutions while ignoring risks that arise from non-tech risk
- And from one commentator, although he didn’t originally like the term ‘cyber’, he has warmed to it, because:
– It means nothing (which means we can apply the definition we want to it)
– It is catchy (true)
– Some people actually know what it generally means
What does all of this say about the product term Cyber Insurance?
I took away the following:
- There’s a lot of unease about the accuracy of the product term Cyber, which seems to emanate from the idea that this line of insurance (should) cover a lot more than cyber-related risks
- Suggestions seem to focus on Information instead of Cyber. I like that idea, since (as noted) cyber-based data is only one source of claims. Claims can result from loss of data that occurs not only through network breaches but also through other channels, such as lost or stolen laptops, thumb drives, disks, tapes, and paper records. I believe that Information includes cyber but is not restricted to cyber, so is a more accurate term.
- But, before we go about changing names (not that I have that kind of influence), cyber has been the term for some time now, and many users know what it means. We might change it to a more current (accurate?) term, but will it really be understood any better?
I promised a free copy of The Betterley Report Cyber Insurance Market Survey 2011 and our Middle Market Purchasing Opinions on Cyber Insurance Study to the best suggestion. Although there were many good ones I thought Erich Bublitz of ThinkRisk showed great insight when he commented:
“It is difficult naming the coverage in part because the coverage varies so much from market to market and what is a good description for one policy is not a good description for another policy. However, keeping the term Cyber is doing a disservice to the industry and to the insureds. When people hear cyber, they assume IT which often makes the IT leader assume this coverage is being bought to cover IT and they then want to make the case they could better spend the money on a firewall or IDS. Additionally, we as an industry want, and the data security industry want, clients to start thinking about enterprise risk management, rather than IT risk management. The term cyber is not helping make the transition to ERM.”
I’d like to thank the 122 participants in the poll and the many others that read the comments, even if they didn’t offer any themselves.