Insurers Are Getting Smarter About Cyber Insurance

Uploaded on 2016-05-04 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Examples of Cyber Insurance Coverage - What does your cyber insurance cover?

2016 shaping up to be a year of greater maturity in how insurance companies underwrite their cyber insurance policies.

Cybersecurity experts expect 2016 to be the year that insurance companies gain a greater level of maturity with how they underwrite cyber-insurance customers and assess them throughout the life of a policy. 

As that happens, customers could experience some pain as insurance companies get wise to the red flags of poor information security practices. But overall, this maturation could mean good things for cyber-insurance customers and the infosec world as a whole.

The most recent example of this maturation came last week two of the biggest global companies with a history in traditional disaster modeling and risk assessment for the insurance industry at large, RMS and AIR Worldwide, announced they'll be moving into the cyber risk management market next month. Together with the Center for Risk Studies at Cambridge University, RMS and AIR worked with eight large insurers and reinsurers, including Lloyd's of London, to publish a Cyber Exposure Data Schema meant to create open standards for how the industry shares data about cyber risk, estimates losses, and to establish common language and categories that cut across the industry.

This move by more traditional players in the insurance market has been precipitated by a number of those in the cybersecurity space who have already started offering up products for insurers looking for better ways to assess and quantify their insureds' cyber risk posture. These services will continue to keep cropping up in spades as the insurance industry tries to balance the increasing demand for cyber insurance with the challenges of underwriting in a dynamic field new to most insurers.

According to PWC, the cyber insurance market is set to triple in the next few years and will reach $7.5 billion by 2020. Its industry watchers have already warned insurers that they've got to get smarter about how they assess risks and write their policies to fulfill this demand.

"If insurers continue to simply rely on tight blanket policy restrictions and conservative pricing strategies to cushion the uncertainty, they are at serious risk of missing this rare market opportunity to secure high margins in a soft market," says Paul Delbridge, insurance partner with PwC. "If the industry takes too long to innovate, there is a real risk that a disruptor will move in and corner the market with aggressive pricing and more favorable terms.”

As things stand, the methods of the third-parties and insurance companies currently quantifying cyber-risk are "all over the map," says Mark Weatherford, chief security strategist for vArmour and the former deputy under secretary of cybersecurity  for the DHS. Some consultants do it through an interview-based process and others through internal scanning, and still others like Risk Based Security and BitSight Technologies use externally visible network behavior to pinpoint companies exhibiting risky symptoms.

It'll likely be a long time, if ever, that the industry will decide on one set method. But this new open standard is a harbinger for a higher degree of rigor and scholarship that insurance companies will bring to bear as cyber insurance moves out of its Wild West days of shooting policies from the hip. As that happens, says Weatherford, there's going to be a period of adjustment for the information security community.

The more the insurance companies gain experience and tools in assessing the true risk posture of clients, the more likely policies will grow expensive for risky clients and claims will be rejected for those who fail to meet policy requirements. That may be an uncomfortable situation during this transition, but there are a lot of benefits in the long run, Weatherford says.
First of all, many insurers who have stayed out of the cyber insurance market due to their inability to accurately underwrite are going to be able to offer more policies to a wider range of firms. And secondly, added pressure from insurers is going to spur many organizations into getting their infosec acts together, Weatherford predicts. 

As companies are assessed before policies are written, the process may uncover issues they may have been unaware of and could spark management to invest in necessary security changes in order to meet minimum policy requirements.

Weatherford predicts that the insurance market will likely move toward a more dynamic, real-time means of keeping tabs on insureds' risk postures--similar to how Progressive adjusts its policies using a data dongle in its customers' cars to monitor driving habits.

"That's a wonderful thing for us in the security because, because now it's going to force companies to say 'If we want affordable cyber insurance, we're going have to invest in security, and we're going to have to be prepared to act fairly quickly when an event like Heartbleed happens," he says.
Dark Reading: http://ubm.io/1SNllWc

« As the Snowden Leaks Began… There Was "fear and panic" in The US Government. There Still Is.
US Spies Want A Laser Gun Bomb Detector »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

Government Communications Headquarters (GCHQ)

Government Communications Headquarters (GCHQ)

GCHQ defends Government systems from cyber threat, provide support to the Armed Forces and strive to keep the public safe, in real life and online.

Igloo Security

Igloo Security

Igloo Security is a leader and pioneer in SIEM (Security Information & Event Management), PSIM (Physical Security Information Management) and MSS (Managed Security Services).

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Cyber Intelligence (CI)

Cyber Intelligence (CI)

Cyber Intelligence is an award winning 'MSC status' cyber security education and training company.

Caulis

Caulis

Caulis FraudAlert is a cyber security solution. It can detect fraud and identity theft based on users’ online behaviour.

Archivo

Archivo

Archivo is a value added reseller focused on Disaster Recovery as a Service (DRaaS), backup, hyper-convergence, hybrid storage and Cyber security.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

CISO Global

CISO Global

CISO Global (formerly Cerberus Sentinel) are on a mission to demystify and accelerate our clients’ journey to cyber resilience, empowering organizations to securely grow, operate, and innovate.

Maritime Cyber Threats Research Group - University of Plymouth

Maritime Cyber Threats Research Group - University of Plymouth

The Maritime Cyber Threats research group of the University of Plymouth is focused on investigating marine cyber threats and researching solutions.

Qrypt

Qrypt

Qrypt has developed the only cryptographic solution capable of securing information indefinitely with mathematical proof as evidence.

Guardio

Guardio

Guardio develop tools and products to combat modern web and browser threats.

Cyber Security Works (CSW)

Cyber Security Works (CSW)

Cyber Security Works is your organization’s early cybersecurity warning system to help prevent attacks before they happen.

Purism

Purism

Purism works with hardware component manufactures and the free software community to build high quality hardware that respects your digital life.

Splashtop

Splashtop

Splashtop’s cloud-based, secure, and easily managed remote access solution is increasingly replacing legacy approaches such as virtual private networks.

Cynical Technology

Cynical Technology

Cynical Technology is a Nepalese cybersecurity company with expertise in security consulting, auditing, testing and compliance.