In today's world, Cyber threats are the newest form of burglary and almost every organization is exposed to breaches but have no idea who, what, when, where or why this is happening to them. The need for businesses to adequately protect themselves and their customers from breaches and other cyber crimes is immense. As cyber crimes mature, IT Security controls and employees need to be sharp and alert but unfortunately even the most prepared suffer the impacts of Cyber crimes; it’s nearly unavoidable.
When speaking about Cyber threats, good risk management includes both a capable IT Security team as well as a robust cyber insurance policy from a reputable carrier in order to manage the risk that cybercrime creates. As the threat landscape continues to advance, processing a completely airtight security system is almost impossible. Carriers have become very keen to this and are now focused on analyzing an insured’s cybersecurity during the application process.
[FREE CHECKLIST DOWNLOAD] How to Secure Cyber Insurance Capacity
The tightening of the Cyber Insurance market will continue to harden the underwriting guidelines of most carriers. Premiums will continue to increase and coverage will be limited until a large proportion of the current and potential insureds reach a level of security that significantly mitigates risk. Naturally, this will then result in fewer claims across the board.
Rising at unfathomable rates, it is expected that global cybercrimes will cost the world some $10.5 trillion USD annually by 2025 (up from $3 trillion USD in 2015) states Cybersecurity Ventures. The damage inflicted by such an enormous scale of crime is confounding and far-reaching, and will likely affect various levels of society. Cybersecurity Ventures goes on to explain that cybercrime “represents the greatest transfer of economic wealth in history, risk the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year and will be more profitable than the global trade of all major illegal drugs combined.”
More crime results in cyber insurance coverage hardening.
In most areas of insurance, the higher a subject’s risk, the more expensive and difficult to access coverage will become for that subject.
Cyber insurance is no exception.
Similar to ransomware and phishing scams, cybercrimes continue to explode around the world and cyber insurance carriers are, in response, increasing their coverage rates. Simultaneously, they’re also making it significantly more difficult to even secure coverage by implementing mandatory security protocols that businesses must adhere to or risk voiding their coverage. A few examples of these mandatory protocols include multi-factor authentication (MFA) procedures, endpoint detection response (EDR), closing of remote desktop ports (RDP), and more.
These current protocols can be likened to the worker’s compensation regulations implemented in the Industrial Revolution. With more people working in factories than ever before, the risk of job-related accidents greatly increased during this period. In response to this risk, states began to implement compulsory worker’s compensation laws in order to protect workers. Additionally, worker’s compensation carriers started demanding that work places implement safety protocols to mitigate risk. The combination of these two forces working together helped to decrease workplace injuries - making it a safer work environment for all.
Today, we find ourselves in a similar situation where the proliferation of computer-based work has significantly increased the threat of cyber crimes — a situation that the insurance industry is still trying to adjust itself to.
Advanced cybercrime knowledge a key success indicator for brokers
For brokers operating in this space, the task of securing cyber coverage has become increasingly challenging for three key reasons. The first is the difficult task of finding both capacity and affordable coverage. The second, the challenge of adequately helping customers understand the risk and financial costs associated with cyber attacks. And the third, and most pressing issue, is being able to adeptly navigate the various and ever-changing cyber insurance protocols mandated by carriers.
And it’s to this third point where, in my opinion, brokers must place the bulk of their efforts. Across many complex insurance verticals, the role of the (successful) commercial broker has shifted from that of the transactional deal maker to one of a thought leader.
Nowhere is this more true than the cyber insurance coverage space. Given the ever-evolving mandates and requirements imposed by cyber carriers, brokers must now arm themselves with an advanced degree of understanding of everything related to cyber insurance coverage.
With this, brokers can better anticipate the internal cyber security protocols and practices their clients will require in order to successfully secure coverage.
And it’s in this spirit that we here at Relay are launching a new content series called Cyber insurance 101: A broker’s guide to expertise in cyber insurance.
In this four-part series, we’ll detail the basics on many of the key areas you need to know to succeed in the hardening cyber insurance coverage space, including:
- What is cyber insurance coverage?
- The types of cyber insurance coverage available now
- What to look for in cyber insurance coverage
- The types of ransomware currently circulating today
- Multi-factor authentication and why it’s a key cyber insurance coverage requirement amongst carriers today
- An overview of many of the other mandatory requirements carriers are looking for — including endpoint detection response and detailed risk management measures
- Breach response and its role in a client’s cyber liability policy
- Claims handling and why brokers must ensure the carrier covering their client’s cyber insurance has a clear claims handling policy in place
The aim of this series is to equip cyber coverage brokers with the necessary information they need to compete in the challenging cyber insurance market.
We plan to roll this series out every two weeks so be sure to watch this space for the first article in the series. In article one, we’ll take a look at ransomware and the key role multi-factor authentication plays to protect against it.
About Andy O’Neill, Director of Cyber, Relay Platform
Andrew has had a successful career in the Cyber Liability industry that started with Colemont (now AmWINS) as Assistant Broker through the Broker in Training program with the Financial Services team. Andrew continued his professional development by becoming an Underwriter at the Travelers and later with the MGA Business Risk Partners, where he took control as the Lead Underwriter on the Cyber and Technology program with Liberty International Underwriters. Andrew later returned to the broker side with RT Specialty and continued to focus on Cyber Liability and Tech E&O. He currently serves as the Director of Cyber and Tech E&O at Relay Platform.
Andrew comes from a diverse background. In addition to his extensive background in Cyber Liability and Tech E&O, he also served in the U.S. Army where he was an Air Defense Team Chief and graduated from Airborne school.
.rq/Relay_CyberChecklist_Thumbnail.png?width=435&height=601&name=Relay_CyberChecklist_Thumbnail.png)