With cybercrime at an all-time high, cyber insurance is a hot topic. It’s used to protect businesses and individual users from internet-based risks and, more generally, from risks relating to IT infrastructure and activities.
Allianz recently introduced a new cyber-risk management service for businesses that includes options not only for enhanced cyber-insurance coverage from Allianz, but also cyber-resilience evaluation services from Aon, and secure technology from Cisco and Apple. And similar partnerships are likely to come about as cybersecurity increasingly is top of mind with enterprises and organizations of all sizes.
To get the lowdown on cyber insurance, Channel Partners spoke with Alex Heid, chief research officer at SecurityScorecard, and Ryan Collier, chief digital officer at Risk Placement Services (RPS). SecurityScorecard provides security ratings and continuous risk monitoring for vendor and third-party risk management, while RPS is one of the nation’s largest distributors of cyber insurance, with more than 20,000 cyber policies.
Heid says partnerships like the one between Cisco, Apple, Alliance and Aon look “quite advantageous because anytime you have the vendors who are willing to work with their customers, and even more than that, work with the customers of their customers for some kind of a higher-level principle of overall security, that’s a good thing.”
“If a company is using the most updated Cisco appliances and it’s vouched for by the vendor themselves … and they would get a cut on their insurance rate, it seems to be a very promising opportunity from just the standpoints of marketing, brand awareness, reputation management and also revenue generation,” he said.
There are many types of cyber policies, including those for data breaches, ones that cover forensics and others that cover reputation management, Heid said.
“Depending on [which] industry it is and what the need is, and what the risk is, then basically there’s a niche of cyber insurance that would be applicable to them,” he said. “But I would be cautious to recommend that everyone just get blanket insurance coverage, because it’s not necessary. For example, a data center would benefit more from a policy that covers maybe incident response, data breaches and service outages, whereas a financial-services provider might be interested in one that covers losses due to fraud, reputation management and theft. It depends what the company does, what’s their role within the business ecosystem and what are their crown jewels.”
Collier says U.S. businesses of all sizes “in any industry and at any sophistication level” need a cyber policy. Also, it is important for them to buy a “very broad” policy that includes a breach-response team provided by the insurer that’s activated when a breach is reported, he said.
“One of the stats that I think really clarifies the thinking on that is any business that is in business has about a 5 percent chance for a slip-and-fall to implicate their general liability policy, and any business in the United States has a 43 percent chance of withstanding a cyberattack in any given year,” he said. “Those stats to me are alarming.”
Before an organization approaches cyber-insurance companies for coverage, they should pull their …