Security auditing industry set to grow

As more companies take out cover against security threats, insurance companies will want to see proof of customers’ compliance with best practice on security.

Ollie Whitehouse, managing security architect with @Stake, which works alongside insurance companies underwriting on security matters, said that auditing was set for major expansion, with financial institutions, telecoms companies and surviving dotcoms as the main customers.

‘It’s happening here now and, although the sums aren’t phenomenal, maybe up in the hundreds of thousands, the choice is there,’ he said.

Auditors would be required to provide evidence to insurers of a customer’s data security policy compliance, complete with back-up and disaster recovery policies. Customers would also have to prove to auditors that they were up to date with the latest virus patches.

The London Stock Exchange already demands auditing for security requirements for listed firms.

Some insurance companies have been operating in this sector for a while, with St Paul in the US and Hiscox in the UK leading the way on either side of the Atlantic.

And with viruses such as 2000’s Lovebug causing $7bn worth of damage to business globally, Whitehouse believes it is an option firms will welcome.

‘After 11 September, insurance firms have been hit with huge pay outs so they’ve not invested much into looking into this area, but they will soon and auditing could become a big industry in itself,’ he argued.

Related reading