Cyber-insurance: a financial perspective to incident response

Pascal Lointier AIG Europe

  download slides (PDF)

Based on a non-profit French survey, most SMI-SMB don't conduct a risk assessment even though they are more and more dependent on information systems. Furthermore, and this applies to large corporates too, they have very limited dashboards to measure the financial impact of security incidents: virus infection, data sabotage, business interruption or lack of suppliers due to IT issues.

As a result, impact is much more damaging as they have not been able to do any (financial) risk transfer using cyber-insurance. CISOs will thus know how to be refunded for their crisis management costs.

This presentation will explain the basics of cyber-insurance (data and computer resources) and the various direct and indirect losses that could be refunded: lack of profit, investigation costs, ransom, extra hours, penalty fees, reputation restoration, etc. This insurance analysis could be a possible contribution to RoSI assessment too and will be detailed through some scenarios.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.