by Ross Baker
This is the most wonderful time of the year for IT analysts and commentators. You can’t move for bold predictions on what the year ahead might bring, so I thought I’d add my two pennies’ worth. The past 12 months has seen data breaches pile up with alarming frequency and the financial hit continue to rise. According to the 2014 Information Security Breaches Survey the cost to large organisations doubled from £450-£850k in 2013 to £600k-£1.15m this year.
What does this mean for the channel in 2015? I think it’s time for ambitious partners to take a look at “cyber insurance” – it could be a great way to differentiate, add value and increase margins.
What’s the big idea?
Cyber or information security insurance is nothing particularly new. Specialist business insurers have been underwriting the risk of IT breaches and data loss for years, although in greater numbers of late. They usually agree to cover the financial losses that almost certainly follow such incidents; including PR fees, forensics and remediation, and any legal fees incurred by follow-up court cases brought against the organisation.
So where does the channel come in? Well some of these specialist insurers have begun to draw up policies where the cost of the premium is reduced if their clients have in place certain IT security technologies. Security is often talked about as a de facto insurance policy for organisations, but now it is being explicitly referenced by the insurance industry itself. This offers as-yet-unrealised possibilities for channel partners to team up with insurers and vendors to offer end customers a whole new kind of package.
The value add
For channel resellers looking for that elusive “value-add” and those trying, but often failing, to gain the ear of the CISO or CIO, this could be an interesting new opportunity. At the very least it could open the door to that all-important conversation with the C-level, maybe even the CFO, and differentiate you from the crowd.
By investing in proactive and innovative cyber security as part of a strong cyber insurance strategy, end customers can reduce risk and the potential costs associated with a breach. This will both cover the organisation and help to give a layered approach so that, even in the event of a breach, teams know how to react and remediate to ensure there is as little exposure as possible. This multi-tiered approach will ensure premiums are reduced – if you invest in the right technology – and it will help bolster brand and reputation.
What’s in it for the channel?
The channel partner plays an important role here. They should be on hand to make a persuasive case that investing in technology X will reduce the chances of a serious breach – that it’s not just a tick-box for the insurance policy but genuinely beneficial.
The vendors will also want to get involved because it’s likely that policies will be drawn up which require commitment to a layered strategy. This means end-customers looking at new tech to deflect zero day attacks and APTs, as well as base-lining the more commoditised technologies which are still very much required.
The biggest obstacle channel players may encounter is a lack of knowledge and awareness…even in 2015. There’s also a lack of consistency in the insurance industry about exactly which technologies should warrant a reduction in premiums and by how much. But these are all details which ambitious channel resellers can and should be on hand to help thrash out.