Should Zero Day Vulnerability be covered under Cyber Insurance?

india_insurance_logo_2

A Google Research Reporter has just released information about a vulnerability in Windows 8.1 which has remained unpatched for more than 90 days after even Microsoft was informed about it.

Read the Details here

A discussion is going on whether Google was right in publishing the vulnerability which could be existing in millions of computers worldwide and could be exploited for commission of various kinds of Cyber Crimes.

Ethics apart, this also raises the issue of what happens to the thousands of computer users who may find the vulnerability exploited by a criminal who either uses it to siphon off money from Banks and other financial assets or simply uses it for e-extortion.

Until Microsoft itself is able to find a solution, it is unfair to expect any user as well as a CISO in an organizational environment to be able to effectively defend against this vulnerability.

This raises another question in the minds of conservative corporates who may be inclined to cover every known/unknown risks with an insurance cover, on whether a “Attack based on a Zero day vulnerability” would be within the scope of the insurance policy.

What if an Insurance company equates this to “An Act of God kind” or at least ” Special Premium case” and refuse to cover the losses under the current standard policy?

Whether the status of the risk will change after it has become public knowledge so that exploits prior to this day would be covered and subsequent days or not?

Well these are the issues that the insurer and the insured need to discuss and settle at the time of writing the contract.

We are trying to understand what is the market perception on this issue in our India Cyber Insurance Survey 2015. Please participate in the survey and contribute your thoughts also to the pool. You can access the survey form here:

 https://fs22.formsite.com/SBYrSa/form2/index.html

I would appreciate if you can also ask your friends to participate and contribute their views to make the survey a success.

Naavi

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.