Cyber events have risen to become the world’s third-largest business risk, prompting many companies to seek cyber risk insurance.
Enterprises are facing the real danger of being unable to obtain coverage for a security breach as the cyber insurance market becomes more competitive. Could a more standard framework for verifying an organization’s security posture be created through increased collaboration between insurers and their customers?
Insurers attempting to offer comprehensive cyber coverage to their consumers face a number of obstacles. The following are four of the most fearsome.
Cyber-attacks can be scaled up
Cyber-attacks are extremely scalable, as they can potentially affect thousands of businesses at the same time, resulting in massive interconnected losses for insurers. There are highly critical core nodes due to the internet’s architecture. For cyber insurers, this form of network centralization has two issues. If a vital service, like a vast cloud computing platform utilized by many policyholders, went down, it would be one sort of issue. The insurer may be forced to pay all of its policyholders’ claims at once.
The true conundrum
In one critical area referred to as the “actuarial paradox,” cyber insurance is substantially different from conventional forms of coverage. The problem: is a corporation more prepared and hence a better risk in the future if it is breached and responds vigorously? If that’s the case, can the insurance offer lower premiums to organizations that have been penetrated in the past if their actions during those attacks have reduced future risks?
Lack of understanding of both cyber risk and cyber insurance
Many businesses are ignorant of the entire scope of cyber risks they face, as well as the insurance coverage available to protect them. They only grasp the need for insurance after they have been the victim of a cyber-attack. To reduce the number of organizations that have to understand cyber insurance the hard way, CISOs should be at the leading edge of sharing information with the industry. They should share their views with their counterparts about the different types of cyber-attacks, threat actors, and the financial repercussions of a security breach so that they can be prepared.
Unfinished underwriting information
Underwriters depend on data supplied by potential cyber insurance customers to provide the correct type of coverage at the right price. In order to make it easier for clients to deliver the proper sort of information, insurers need customers to fill out a proposal form or questionnaire. Frequently, this questionnaire is not completed entirely, putting the underwriter in the dark regarding the risk to be covered and the customer’s cyber risk readiness. As a result, coverage is sub-optimal or non-existent in a few cases. It is advantageous and useful for businesses to give all of the information requested in the proposal form.
Customers find it extremely challenging to answer the underwriter’s questionnaire for a variety of reasons. Sometimes it’s a lack of understanding about their own cybersecurity procedures; other times it’s apprehensions about delivering the answers. Since insurance is a contract of absolute good faith, the information requested by the underwriter must be provided with care. Insurers have begun to employ cyber risk assessment tools in order to gain a better understanding of their customers’ security preparedness.