Cybersecurity Insurance Policy Review
Jan 13 2022

Separating Cyber Insurance from Comprehensive Security

The world of cyber insurance is in a deep state of flux. Ransomware is more than just a game-changer; its massive financial impact is re-wiring the field entirely. The U.S. Government Accountability Office (GAO) published a cyber insurance report that came out on May 20 which touched on these changes:

  • The percentage of insurance clients opting for cyber coverage climbed dramatically, from roughly one-quarter (26%) in 2016 to one-half (47%) in 2020.
  • Insurance prices rose between 10% and 30% in just the last few months of 2020.
  • Insurance companies are lowering coverage limit availability for some industries, such as health care and education.
  • Insurers are spinning cyber coverage out as a separate policy rather than bundling that coverage with broader coverage.
  • Insurance coverage is also hampered by a lack of broadly accepted definitions. Terms like ‘cyberterrorism’ remain ambiguous. Even the definition of ‘ransomware’ is less exact than it should be. This leads to potential misunderstandings between insurance companies and their policyholders.
  • The GAO concluded that “the extent to which cyber insurance will continue to be generally available and affordable remains uncertain”.

The entire marketplace is mid-reinvention. Cyber insurance only makes sense when the company purchasing it is also addressing their data risk management plan from a comprehensive security perspective.

Last week, a great article appeared in Forbes Magazine, titled: Predicting what 2022 holds for Cybersecurity. Here is the link for those interested in reading further.

The article highlights twelve topics, but my favorite is the following: “The Death and Rebirth of Cyber Insurance”. The logic of the paragraph is self-evident. When one combines the growing awareness of the risks associated with data breaches and cyber incidents along with a maturing cyber-insurance market, premiums will become prohibitively more expensive for companies that don’t have a sound security strategy.

Take the obvious steps now, mature your company’s cyber security posture while you still can. Both your customers and your cyber insurer will appreciate it, let’s talk.

Image Credit: Envato Elements