Analysis Global mega-insurers Allianz and Aon have just given IT buyers and the security industry plenty to ponder by cooking up a deal with Apple and Cisco that makes users of those companies’ kit eligible for a special class of cyber insurance.
Part of the new deal is business as usual, as it will see “Aon cyber security professionals … assess interested customers’ cyber security posture and recommend ways to help improve their cyber security defenses.”
This happens already, often when organisations go shopping for cyber risk insurance to cover the impact of data breaches or other hacks. Insurers run the rule over would-be-policy holders to understand the risks involved. The Register has heard tales of the results being pretty scary: organisations are told they’re only insurable but only if they pay terrifyingly expensive premiums given the state of their defences.
This is also business as usual for the insurance industry: if your house has no bars over the windows, you pay higher premiums. Insurers will tell you that if you install bars, your premiums go down. Which is really saying "if you reduce your risk, we'll reduce the cost of insurance."
The same advice is offered when you shop for cyber-insurance. Organisations typically take that advice seriously and act on it quickly, because again the insurers are really telling them how to manage risk.
Hence the significance of the other aspect of this deal, namely Allianz assessing a combination of Cisco Ransomware Defense and unspecified Apple products as sufficiently secure it will offer insurance that offers “broader coverage and lower deductibles” than its other products.
The message here is clear: buy Apple and Cisco for cheaper, better insurance, because if you use Cisco and Apple you're at lower risk of being hacked.
Such a proposition has the potential to freak out the security market, a field in which hundreds of vendors offer overlapping products. Buyers end up with lots of tools that they hope add up to an acceptable risk profile. If other insurers follow the lead of Allianz and Aon, buyers will have templates explaining what they need to buy to demonstrably reduce risk as determined by the dispassionate assessment of actuaries (who were data scientists before Data Science was cool).
Pity the niche product vendor that doesn’t make such templates. Fear the power of insurers to make and break vendors. And imagine the controversy if a really big insurer came out and said that insurance premiums will always be lower if you run Macs instead of PCs.
But above all, brace yourself for actuarial influence on your future purchasing decisions. ®