The cyber insurance market is still trying to work out what it is actually offering. Not so long ago, it was a simple product, available at a reasonable price under simple, easily comprehensible conditions. Now, in the wake of increasing ransomware attacks and astronomically expensive collateral damage, the market has hardened.
Denials are common. Litigation is increasing. And clients are taking a gimlet-eyed look at their budgets. Is cyber insurance actually even worth it?
To make that determination, it's a good idea to take a look at what exactly your insurer is offering, aside from limited coverage in the event of an attack. Are they providing expert advice? Penetration testing? Tabletop exercises that expose your vulnerabilities? And if they aren’t, what should you do about it?
Experts weigh in on how to navigate the market -- and how make up for its shortcomings.
Cyber Insurance Partnerships
In human partnerships, there is a fine line between being possessive and being attentive. The same is true of the relationship between insurer and insured. In the cyber insurance market, that negotiation remains a tenuous one. Some insurers are remote -- they do the bare minimum when a crisis arises. Others are more demanding, requiring extensive audits before providing coverage.
Do you want the frosty friend-with-benefits or the jealous boyfriend? Neither probably. You want your calls returned, but you don’t want your phone ringing off the hook. The trend is toward the latter -- so it’s becoming a matter of just how clingy you want your partner to be.
“Carriers have become a bit more savvy when it comes to cyber risk and loss management, fueled by an almost seemingly endless portfolio of claims underwritten over the last few years -- many of which have involved significant dollar payouts,” observes Kevin Novak, managing director of cybersecurity at risk management firm Breakwater Solutions. “As such, you can expect carriers to demand considerably more information about your company’s cyber programs; particularly to those areas that have proven to contribute most significantly to recent large-scale breach events, such as multi-factor authentication, end-point security, and privileged access management.”