The coronavirus has prompted a spate of cyber attacks, and as an increasing number of organizations report breaches, cyber insurance companies are closely inspecting policy holders’ security agreements. The added scrutiny may result in policy price hikes or coverage denials.
Remote network connections and the requirement that certain employees rely on personal tech for business, combined with a greater number of attacks, aren’t the only drivers of changing insurance policies and models. Direct loss ratios, which measure the percentage of revenue that insurance groups dole out to claimants, rose from 34% in 2018 to 47% in 2019.
Insurers now eye prospective customers for proof of basic, universal cyber security best practices. Insurers look for proper email server configurations, proper security around remote access, up-to-date security patches, and business continuity plans, among other things. “It is hard to discern the truth from answers on a proposal form, so we as an industry are having to do our own due diligence,” said one insurance industry professional.
As a CISO, CIO, or CTO, you’ll of course recognize that the aforementioned criteria are fundamental but elementary. According to a US government-sponsored report published in March, US insurers currently maintain a poor understanding of cyber risk. However, this is liable to change over time, especially as federally funded cyber education programs for insurers begin to emerge.
To ensure that your future cyber security insurance applications are accepted, consider upgrading your cyber security today. Prove that your organization should qualify for insurance. You won’t regret it.
For more on this story, visit The Wall Street Journal.