According to the Department of Homeland Security,
“A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection”. (www.dhsg.gov)
We asked Christine Marciano, the President of Cyber Data Risk Managers LLC, to provide some feedback on the current state of cyber insurance. Christine is a nationally recognized and experienced cyber insurance broker and thought leader. She has over 20 years of insurance experience and one of the few brokers who solely focuses on cyber.
Best advice for a company with no cyber insurance policy in place:
- Review your existing insurance coverage. Most insurance policies do not cover cyber, so it is important to explore stand-alone cyber policies.
- Make sure you align risks with the right coverages. You must ensure that there are policies and procedures in place and that you understand the type of vulnerability and risks you may face, to fully align with the correct coverage.
- Know what you are buying. It is vital that you understand exactly what is covered in your policy and that you review your needs as they relate to policy details.
- Know what is excluded. Many policies exclude things such as negligent computer security, so be fully aware of what your policy does not include. Seek out an experienced cyber insurance broker who can help you avoid these unnecessary exclusions.
Process of Cyber Insurance
1. Establish policies and procedures. Most organizations utilize the NIST Cybersecurity Framework to gauge how they are protecting their data and how they understand the types of risks and vulnerabilities they may face. Important considerations include:
• Your understanding of cyber risk and vulnerability as they relate to the entire business.
• Your ability to demonstrate how you are protecting critical data.
• Your consideration of data breach scenarios.
2. Review types of coverages. Work with an expert to examine what types of coverage aligns with your specific cyber risks.
3. Underwriting application process. During this process, an expert will aid with appropriating specific coverages in order for an organization to obtain a policy that is customized to their specific needs.
Future of Cyber Insurance
Christine believes that the product will differ greatly in the future. With revolutionary advances like the internet of things and driverless cars, risk will continue to drastically evolve. Policies will become more comprehensive and increasingly complex in the coming years as well. Eventually, a uniform framework, such as NIST, will be adopted in order to standardize the price of policies. As knowledge matures and policy pricing becomes more established, it will become a standard coverage and a clear priority for organizations.