Cyber insurance coverage can help raise security baselines across businesses, but organizations that have standalone policies are the exception to the rule.
One of the most effective ways to improve cybersecurity throughout an organization is to purchase cyber insurance.
It won’t eliminate the possibility of a data breach, but because there are strict rules to gain approval during the underwriting purposes, an organization’s overall cyber posture automatically improves, according to research from Forrester.
Despite the positive impact from cyber insurance, the Forrester study found just one-quarter of companies have a stand-alone cyber insurance policy.
There are plenty of reasons why organizations continue to shy away from stand-alone cyber insurance. It could be that other insurance policies held by the company include some cyber coverage. But concerns around cost and coverage limits have also scared away potential buyers.
Adding to the coverage gaps is the complexity of gaining coverage, with separate coverage for first and third party policies.
“First party is an insurance policy that covers you for your loss. The third-party policy pays you to defend yourself against a third party and pays a third party if there is a judgment against you,” said Peter Hedberg, VP of cyber underwriting at Corvus Insurance, to an audience at the RSA Conference in San Francisco in May.
The first cyber policies provided predominantly third-party coverage focusing on covering online media and computer errors, but in the 2000s, the exposures evolved to include data breaches, explained Emma Werth, RVP Underwriting at Cowbell Cyber, in an email interview. The need for first-party coverages emerged with the increased exposure to viruses, ransomware, and cybercrime.
“Now, we’re seeing further evolution as we face the new exposure of AI,” said Werth.
New technologies shift coverage
AI is front and center in the race to recognize new technologies and connected devices at risk of cyberattacks. Organizations are trying to figure out how AI is being used and how to differentiate an attack caused directly by AI rather than as part of another attack or a rogue employee.
It is a global change for everything, and even insurance companies are struggling to figure out how policies will cover AI.
“AI is going to affect every type of insurance because it is going to affect risk,” said Violet Sullivan, AVP solutions team leader at Crum & Forster, during the RSAC panel.
But cyber insurance is shifting its coverage outside of the corporate network and into a more personal realm.
“We have cyber [insurance] for autos now to protect against data breaches if an auto’s information system is compromised,” said Monique Ferraro, Cyber Counsel with HSB, during the RSAC panel.
Comments
Post a Comment