The Dilemma for Cyber Insurance Providers

Can Cyber Insurance Companies Accurately Determine Cyber Risk?

Hardly a day goes by when we do not hear about a significant hacking event with serious repercussions. Organizations face downtime, loss of data, potentially significant fines, and issues with reputation. Little wonder that they are looking for protection through insurance policies at the same time as they take steps to mitigate the risk. Yet how do cyber insurance companies accurately quantify these risks, and how will their decisions affect premiums?

Appetite for Risk

Certainly, insurance companies are learning as they go and developing methods to help them assess risk. It’s not easy for these companies to determine how much coverage they will give, as it is difficult to quantify the overall appetite for risk.

Steep Learning Curve

Individual companies may be in different positions along the learning curve and are likely to have a varied outlook. Some may already be established in the market and offer cyber policies to organizations, while others may be unsure how to proceed. Unfortunately, there is a limited amount of information regarding insured loss, which can make it hard to underwrite with confidence.

Market Differentiation

Furthermore, some insurance companies struggle to differentiate, and therefore to establish, dedicated cyber insurance policies. This is because some attacks that result in data losses and financial implications may already be covered under a professional indemnity policy.

Software Support

Some people believe that software tools could help define the market and allow insurers to come up with accurate and sustainable quotes. These tools may augment existing methods based on exposure management, while other companies may already have a loss estimation methodology.

Data Accumulation

Certainly, data represents the biggest challenge of all. Some information may be available from outside parties, but it can be hard for an insurance company to assess its exposure and set a premium. The position becomes even harder due to the fast-moving nature of the threat and the emergence of new technologies and different terminology.

Third-Party Vendors

Those outside parties may become crucial as plans become more advanced. Third-party vendors can help clients assess risks, identify vulnerabilities, and anticipate attacks. As these models mature, insurance companies may have more accurate and reliable data to help them with their projections.

Moving Forward

The largest challenge remains the gap between the insurance world and cyber security experts. These two sides will need to work more closely to collect and share data so the insurers can better understand the risk. This will allow them to create meaningful policies and set premiums that make sense for all parties.

Shawn Corrigan

Shawn Corrigan is the President and Founder of Interactive Security Holdings Inc. Interactive Security has grown into a global company offering IT Compliance Auditing services for small to large companies - focused on making it obtainable, simple and affordable. With over 20 years in the BPO and Financial industry working at the executive level, Corrigan has experienced the pitfalls, trials and tribulations of bringing an enterprise organization into IT compliance. Corrigan has designed a methodology geared at guiding clients of any size to successfully achieve compliance and ultimately obtain compliance certification. Corrigan is certified as a FISMA – NIST Implementor, PCI-DSS QSA, HiTRUST Certified Practitioner and HiTRUST Certified Quality Professional, ISO 27001 Lead Auditor and Implementor.