Advice For Cyber Insurance Buyers

Uploaded on 2017-06-21 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Financial

The cyber insurance market continues to evolve, and the number of companies buying cyber insurance continues to expand. What’s more, that expanding cyber market offers a wide variety of coverage terms at different price points.

But companies interested in securing cyber insurance should know that the underwriting process requires careful diligence on their part. CFOs and risk managers need to have a firm grasp of the processes insurers use, not only to price a policy but also to determine whether they will agree to underwrite the risk at all.

One of the first steps in the underwriting process requires the company to submit an application to the insurer. The application will seek baseline information about the company’s size, number of records maintained, type of information maintained, security policies and procedures, and disaster planning.

The company’s ability to answer those questions with complete and detailed information is critical. Comprehensive answers can help ensure that the policy will be competitively bid by a number of insurers and secure the lowest premium pricing.

Underwriters will be most interested in companies that can communicate effectively that they know where their records are maintained and how many records are at risk. They’re also more open to companies that have implemented strong security measures to protect their records and minimise the likelihood of a breach.

Further, cyber carriers will also look for representations in their application about whether the corporation, and sometimes what’s termed “any insured” (which means all employees), has knowledge of claims, facts, or circumstances that can spawn a claim.

Some companies blunder by providing a response to that question without giving enough consideration as to who within the organisation is being asked to make that representation or on whose behalf the representation will be made. The consequence of failing to understand the importance of these requested representations can be severe.

For example, let’s look at the experience of a hypothetical credit card company which has just disclosed a hacking incident that compromised many customer email accounts several years ago. In its current disclosure, the company admitted that some of its employees, including senior executives and attorneys, knew about the breach at the time of the incident.

Even though the company had applied for and bought a cyber insurance policy late last year, coverage in this fact scenario could be seriously at risk. That’s because employee previous knowledge of the facts could lead to a claim by the insurer objecting to the fact that the company hadn’t disclosed that knowledge for several years.

Further, basing their claim on these facts, some insurers may seek to rescind the entire policy, asserting that a material misrepresentation was made in the application. In other words, insurers may argue that they have no coverage obligation for the undisclosed known breach or any other claims that may arise because the policy was issued under false pretenses.

“Meet and Greet” Underwriting

Once the application has been submitted, the underwriters may want direct access to the chief information officer or others responsible for protecting company information. Companies must understand that those individuals will play a key role in whether the insurer will agree to quote and/or how much will be charged to insure the risks.

But most CIOs and other “techies” aren’t familiar with the insurance procurement process and may not understand how information should be communicated to the insurer. To avoid missteps, companies should have a detailed planning meeting with representatives of the insurer along with the insurance broker and coverage counsel before information is relayed to the underwriter.

Finally, many insurers conduct their own diligence to evaluate whether to underwrite a risk and, if so, at what premium price point. Risk managers and CFOs should be aware that insurers are using a new type of metric to assess their companies’ cyber risk exposure. It’s called a “security score”, a concept akin to a credit score.

For example, BitSight Technologies is a risk assessment vendor that analyses companies for breach risk and response preparedness and assigns a security rating. According to its website, BitSight gathers data on security breaches from sensors deployed across the globe and uses algorithms to assess a company’s records management, encryption methods, and security vulnerabilities.

The firm then assigns a security rating and provides benchmarking information to demonstrate where the company falls short on the risk assessment spectrum. Companies on the lower end of the spectrum may not receive a quote for cyber insurance, while companies on the higher end may receive such better terms as lower premium or lower retentions. Companies looking to buy cyber coverage need to know that, in an important sense, they are not alone.

CFO:

For more information and help with your organisation’s security contact: Cyber Security Intelligence

You Might Also Read:

Five Pitfalls of Cybersecurity Insurance:

Cyber Crime Drives Up The Cost Of Insurance:

Cyber Should Be Standalone Insurance:

 

« Power Companies Cyber ‘Nightmare’
AI Meets Music’s Evolution »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Civica

Civica

Civica provides cloud-based managed IT services, hosting and outsourcing.

SiteGuarding

SiteGuarding

SiteGuarding provide website security tools and services to protect your website against malware and hacker exploits.

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium was created to encourage use-inspired research, training and technology awareness in cybersecurity.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

Pole SCS (Secure Communicating Solutions)

Pole SCS (Secure Communicating Solutions)

SCS is a world-class competitiveness cluster dedicated to digital technologies in the fields of Microelectronics, Internet Of Things, Digital Security, Artificial Intelligence And Big Data.

Xage Security

Xage Security

Xage is the world’s first blockchain-protected security platform for Industrial IoT.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

Startups.be

Startups.be

Startups.be helps tech entrepreneurs to be successful by providing quality access to service providers, business partners, customers and investors.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

National Institute for Research & Development in Informatics (ICI Bucharest)

National Institute for Research & Development in Informatics (ICI Bucharest)

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

Slamm Technologies

Slamm Technologies

Slamm Technologies is a trusted IT firm that offers Cyber Security Support, Corporate IT Solutions and Professional IT Training courses with international certification.

rSolutions

rSolutions

rSolutions delivers managed cybersecurity services to clients in many industry sectors including financial services, telecommunications, energy, government and retail.

Gen Digital

Gen Digital

At Gen™, our mission is to create technology solutions for people to take full advantage of the digital world, safely, privately, and confidently – so together, we can build a better tomorrow.

Sitehop

Sitehop

Sitehop is a cybersecurity technology company developing and supplying FPGA hardware-enforced cyber security solutions for networks.

Lansweeper

Lansweeper

Lansweeper is an IT Asset Management platform provider helping businesses better understand, manage and protect their IT devices and network.

CommandK

CommandK

CommandK provides companies with infrastructure to protect their sensitive data. Built-in solutions to prevent data-leaks and simplify governance.