Cyber insurers advise and sometimes even insist businesses have an incident response plan in place when applying for cyber insurance. Those plans are becoming a must-have in light of the cyber pandemic that is threatening the stability of several critical supply chains (oil, food, transportation, etc.) Similarly, it is in the best interest of cyber insurers to take proactive measures and establish their own response plans, amend their underwriting guidelines, become a resource for their customers, and help educate them on the current and emerging risks in the market. In the coming years, next-generation cyber insurers will need to go even further, using technology and data to better understand exposures and build partnerships with insureds and their security vendors.
The insurance and cybersecurity industries become more closely intertwined every day, and the demand for underwriters of cyber insurance coverage will only continue to grow. This changing landscape creates new growth opportunities for the industry. With cybercrime on the rise, below are a few ways that underwriters can provide more comprehensive cyber insurance.
Provide Industry-Specific Resources for Policyholders
Every organization has cyber vulnerabilities; however, some industries face amplified risk and specific attacks. For example, most healthcare organizations store patient medical data on a shared network drive. This places the data at higher risk of a breach, which can be a HIPAA violation leading to fines up to $1.5 million. While from a business owner’s perspective, it might seem easier to get cyber coverage as an endorsement to another commercial policy (Business Owner Policy, or other), businesses in these higher-risk sectors need to be fully educated and aware of how standalone cyber insurance offers more robust protection and value for their needs.
Underwriters need to serve as a resource for these companies, providing industry-specific examples and data points not only to illustrate the pressing need for standalone cyber insurance but also to help them find the policy that will suit their specific needs for protection. To best establish a response plan, underwriters should help businesses understand what their threat landscape looks like before recommending adequate coverages and limits.
Continuously Assess Risk
Cyberattacks are continually evolving, so a company’s approach must evolve as well. Every business has a unique digital footprint and utilizes technology differently: this translates to a unique risk profile with unique vulnerabilities to cybercriminals. Underwriters must illustrate security weaknesses and explain how proactively addressing them will result in more and better options when applying for insurance. By resolving weaknesses within their organization, companies can reduce their potential exposure to security threats, making them a more attractive policyholder for underwriters.
The best way to prioritize transparency is to offer tools and services for policyholders to understand their risk exposures and give recommendations so that security and IT teams improve their organization’s risk profile. Industry peer benchmarks and online access to risk ratings can be extremely helpful for businesses looking to deepen risk management knowledge.
Bundle Cybersecurity Awareness Training with Policies
Many cyber insurers mandate that their policyholders implement a security awareness training program for their employees. To strengthen their relationship with policyholders, underwriters can bundle an awareness training program of their choice with policies. This will ensure organizations are equipped to identify security risks in the real world, as well as educate their employees on how they can take steps to prevent data breaches or cyberattacks.
Because the threat landscape is constantly changing and evolving, a single, one-time training session is not enough — rather, this training should be an ongoing, continual process as new threats emerge and come to prominence. By providing this continuing education and helping organizations identify and address security risks, underwriters are able to create additional service value while helping mitigate their customers’ risk.
With new threats emerging every day, it becomes critical for underwriters and organizations to be intimately familiar with potential weaknesses that can be targeted. Underwriters can help prepare policyholders and provide the most comprehensive cyber insurance possible by serving as a knowledgeable resource for industry-specific policy needs, as well as helping to continuously assess customer risk and conducting robust, ongoing cybersecurity awareness training. Through an active and transparent partnership with their policyholders, underwriters can help establish a more secure environment, creating stronger protection for their customers and hopefully making sure they don’t need to use their cyber insurance policy coverage.
Source: https://www.securitymagazine.com/articles/96779-how-cyber-underwriters-can-better-respond-to-the-current-cyber-pandemic