Best Cyber Practices for Insurers
If insurers are vulnerable to cyber attacks, their reputation as experts in the field of cyber security insurance will be tarnished and they will lose consumer trust. The masses of sensitive and confidential personal data insurers possess could turn them into victims of cyber threats.
Protecting their insureds is also tricky. Insurers working to provide their customers with adequate cyber coverage must overcome many challenges.
While insurers writing policies for flood insurance, for example, can draw on a rich history of this type of natural disaster to formulate a model, they are left empty-handed when it comes to historical data on cyber attacks. It’s a relatively new field, so there’s no historical precedent to speak of.
In addition to the lack of historical data, in many cases the law doesn’t require organizations to reveal cyber breaches other than those impacting consumer data. A significant number of cyber attacks are thus left unreported. This deprives insurers of the data they need to measure all the costs of a cyber attack, making it difficult for them to write effective cyber policies.
Organizations’ lack of knowledge about their internal readiness for cyber attacks makes underwriting exceedingly difficult for insurers.
Many organizations don’t understand the full scope of the cyber risks confronting them and the insurance coverage options available. This sometimes prevents them from seeking any coverage.
Cyber insurance is fundamentally different from other types of coverage in one key area that Symantec calls the “actuarial paradox.” The dilemma: if a company gets breached and responds strongly, is that company then more prepared and thus a better risk in the future? If so, can the insurer charge a lower premium for previously breached companies if their responses to those attacks have lowered future risks?
Even one cyber attack could result in exposure to a multitude of claims that could be a disaster for insurers.
Best Practices for Insurers
The following are just a few recommended trends and best practices:
In 2016, Symantec tracked 357 million new malware variants using a detection network of 225 million devices in 157 countries. Ransomware is a particularly malicious form of malware, with 464,000 detections (up 36 percent in 2016). By leveraging accumulated data, insurers can create models that assist in understanding the impacts of cyber events, such as WannaCry.
Insurers, along with third-party analysts, should establish themselves as trusted advisors, assessing organizations’ threat exposure, helping them fully understand and mitigate their cyber security risk and providing tools and resources to help customers understand their exposures.
With the growth of cyber insurance, insurers have become advisors, especially when major cyber attacks take place. When customers face ransomware attacks, for example, insurers can be a key source of guidance in advance of a breach and following the breach. Insurers have experience with ransomware and can assist their customers in taking the appropriate action.
They can also send specialists to help the insured set up firewalls and other protection, work with them on how to defend themselves in real time against cyber attacks, establish a response plan and minimize the effects of a breach on the organization.
Educated consumers are more likely to seek out and implement risk-management programs and even purchase coverage. Insurers should use marketing and advertising to inform their customers about the risks of cyber attacks and the solutions insurers offer. They should also provide their agents and brokers with risk awareness and loss control materials that can help them to spread the word.
For more information on the scope of cyber challenges for insurers, additional best practices and how Sapiens can help keep you protected against hackers, please check out our NEW white paper: Insurers in the Crosshairs: Winning the War Against Hackers.