Information Technology Reference
In-Depth Information
Figure 5.6
e-insurance as an organizational risk management tool.
transfer risk. Insurance provides one avenue of risk sharing or risk transference; E-
insurance is one insurance option. E-insurance coverage is a specialized insurance
policy that the insurer tailors to the specific needs of a company. The underwriting
process considers the technology in use and the level of risk involved.
Figure 5.6 provides a perspective of E-insurance both with respect to managing
organizational risk and in context of other insurance coverage. Given any significant
investment or dependency on E-business or technical infrastructure, consideration
of E-insurance falls squarely under the responsibilities of managerial due diligence.
Table 5.6 presents some E-insurance coverage options.
The business case for E-insurance boils down to money; how much of the risk
management budget goes to risk mitigation versus risk sharing. Consider the fol-
lowing example:
Assume a hypothetical total risk of $500 million and a premium cost of $5 mil-
lion for risk
transference
to an insurance company. As an alternative to risk transfer-
ence, consider that an annual risk mitigation investment of $3 million results in
residual risk of $100 million. The risk transference of $100 million may cost $1
million in annual premium; there is already an annual savings of $1 million for
a blended solution of risk mitigation and risk transference. Further, consider that
risk
sharing
of $50 million may cost $500K in annual premium. If the organiza-
tion is willing to accept or self-insure the other $50 million, there is a potential
annual savings of $1.5 million over pure risk transference. Although these numbers
Excerpts from
Most Companies Have Cyber-Risk Gaps in Their Insurance Cover Coverage
and
description of Zurich's E-RiskEdge
™
product.
