Insurance by its very nature is there to cover the unlikely, the residual risk that remains after every reasonable effort has been made to mitigate the underlying risk. Where this is not the case, the chances are the insurance premium will exceed the cost of the necessary risk mitigation, therefore rendering it an uneconomic exercise!

As for Cyber insurance, it is still in its infancy, especially where SMEs are concerned. The reason being, that the risk exposure for most such business remains high, making competitive cyber insurance premiums difficult to come by. 

Covering the costs associated with incidents is all well and good, if the incidents are spotted early and contained rapidly.  Statistics suggest that this is not generally the case. The underlying issue being that most aren't, which means the time and effort required to assess the cause and effect can be significant. What's more the skilled forensic resource required to undertake such investigations is relatively thin on the ground. 

The solution revolves around picking up on incidents as early as possible and initiating actions to neutralise them at the earliest possible opportunity. 

Not only does it minimise the impact, it reduces any potential insurance claim which should in turn, lead to more competitive premiums. What's more it serves to avoid expensive and scarce expertise being tied up on eminently avoidable investigations.

Foregenix has recently incorporated the innovative Canary into its DFIR proposition to help close that ever lengthening 'exploitation window'. Working as a sort of cyber smoke alarm, we pick up on intruders and malicious insiders before the 'fire' actually starts. 

Not only does this make for a much more efficient incident response, but also frees up time for us and our customers to fine tune their incident readiness. 

After all a good fire brigade should spend most of its time on preventing avoidable chip pan conflagrations, freeing it up to fight the big fires that ultimately really matter.