Chubb: Holding an inventory is important for cyber policies within small organizations

Published: March 3, 2017

Updated: July 24, 2018

Author: Luke Jones



Speaking at a conference on Friday, experts claimed companies face “big implications” because of exclusions in cyber insurance policies. These exclusions mean the Internet of Things could be a worry for organizations because an underlying cyber incident could be sitting unknown before a policy is taken out.

“What makes a great risk for a 10,000 employee company is going to be somewhat different from what is going to be a great risk for a 100 employee company,” said Matthew Davies, assistant vice president and professional, media and cyber liability product manager for Chubb Insurance Company of Canada.

Speaking about larger companies, “I would expect they would have an employee awareness program of security issues,” Davies said Friday.

“I would want them to have a business continuity plan that they have tested and an incident response plan that they have tested. That may be realistic for a large organization and may not be quite so realistic for a 100-employee organization that is privately held.”

Davies was speaking at the 3rd Annual International Cyber Risk Management Conference, produced by MSA Research Inc. and held Thursday and Friday in Toronto.

“If there is one thing that I would want a 100 employee company to do …. I would want them to have an education program,” Davies said.

He added he would also want a small organization “to at least have an inventory” of personally identifiable information that they hold, “so they know why they are collecting it what they are doing with it and what they do with when they are finished with it.”

Davies was talking on a panel titled The Insurance Gap, at International Cyber Risk Management Conference.