Role of Traditional Insurance
-
Plays a crucial role in understanding, managing and mitigating risks arising from
emerging domains and evolving technologies
-
Facilitates innovation
-
Uses the past as prediction for the future - two basic models:
-
-
Fire model - individual houses catch on fire at a fairly steady rate
-
Flood model - an infrequent large-scale event affects large numbers of people at a fairly steady rate
Cyber...
... does not follow either "fire" or "flood" model
... cannot use past information (actuarial) to
predict the future
... incidents happen at irregular rates in varying scale (single breach
to "class breaks")
Today's Cybersecurity Insurance
Designed to mitigate losses (transfer risk) from a variety of internet-based, cyber incidents and risks relating to IT infrastructure and
activities
-
Typically excluded (or not specifically defined) from traditional general liability policies
-
Few US companies have adequate cybersecurity insurance
-
-
Historically, purchasers included: Technology, Media, Telecom (TMT) and professional services
-
Recently, companies that deal with PCI / PII / PHI data –
retailers, financial institutions, healthcare are increasingly utilizing cybersecurity insurance
-
Historically, policies dealt with data breaches and third-party liability coverage:
-
-
Costs associated with breach class-action lawsuits or settlements (only)
-
Recently, more first-party liability coverage includes:
-
-
Online extortion payments
-
Facilities rentals during an attack
-
Lost business due to systems failures, cloud or web hosting provider outages due to IT configuration errors
-
Changing the “intent of coverage” from cyber exclusion to cyber coverage
-
-
Stand-alone cybersecurity policies cover gaps
Why We Need Cyber Insurance
Cyber insurance risk mitigation roles
-
Engineering risks
-
-
Understand risk factors, develop insights, common metrics and scalable solutions
-
Channeling corporate risk
-
-
Assuming corporate cyber risks
-
Managing systemic risks
-
-
Promote cyber resilience to prevent cascading, single points of failure and aggregation risk
-
Harnessing collective security insights
-
-
Analyze data across industries by being central repository
-
Enhance information sharing and exchange
-
Shaping broader risk trends
-
-
Financial incentives to change behavior
-
Harmonizing risk-related standards and practices
-
-
Apply standardized tools, metrics and norms for assessing vulnerabilities
-
Research and share sources of aggregation risk
Cybersecurity Insurance Problems
Let us help you with cyber insurance