The intricacies of cyber coverage are of growing interest to technical professionals — so much so, in fact, that the June meeting of the International Information System Security Certification Consortium (ISC2)’s New York Chapter was devoted to Cyber insurance.
ISC2 provides education and certifications in IT security. The Certified Information Systems Security Professional (CISSP) is perhaps their best-known certification.
The audience for the two sessions presented were tech professionals — and it was clear from their questions peppered throughout the presentations and in Q&A that Cyber insurance coverages and the claims process were both of keen interest to attendees.
While much attention is focused on data-related cyber theft, Mike Cavanaugh, vice president and director of production at Apogee Insurance Group, noted that bodily injury, property damage and business interruption are emerging as cyber-related risks to business. The increasing connectedness of insecure devices (i.e., the Internet of Things) is increasing the probability of these threats.
Most insureds, Cavanaugh said, don’t realize their General Liability policies probably don’t cover physical damage caused by cyber attacks. Also noted: What we’ve all seen in the media — that audacious thefts of money and securities through funds-transfer fraud is also on the rise.
Perhaps the most interesting point underscored by Cavanaugh is the evolving role of cyber insurance providers less as purveyors of policies and more as cyber risk consultants. This was a point made later by David T. Vanalek, director of U.S. Professional Liability for Markel, in his presentation.
Both speakers noted that underwriters are striving to get more accurate pictures of their clients’ risks, and to do this they are hiring staff with deeper domain expertise in information technology and legal issues. They each encouraged insureds to seek out carriers that have IT security experts on their cyber insurance teams.
Here are some key takeaways from the ISC2 June meeting.
Key takeaways for insureds:
- If you handle personal data, financial data, or healthcare data, you need cyber insurance.
- Organizations handling personal healthcare information are increasingly targeted by cyber criminals
- Ransomware/cyber extortion attacks are likely to increase due to the widespread availability of the software tools – and their low cost.
- Evaluate your potential cyber insurance provider carefully (see below for some specific tips).
- Cyber criminals use information to create detailed profiles they can use in personalized attacks.
- If you’re in healthcare or any other industry where hacked devices can cause bodily injury, be sure your cyber policies cover bodily injury.
- Cyber insurance is a service not just a product. It’s not a risk transfer relationship — it’s a risk management relationship.
Key takeaways for insurance professionals:
- Cyber insurance is not widely adopted by small and mid-sized businesses, which presents an opportunity for carriers, agents and brokers equipped to serve these companies.
- There’s not much historical claims data available for carriers writing cyber policies — so there’s always an element of uncertainty in the underwriting process.
- The largest companies involved with underwriting and distributing cyber insurance coverages have adopted a professional services model — consulting closely with clients on their cyber risk throughout the lifecycle of their relationships.
- Underwriters of cyber risk need a keen understanding of various security standards and protocols — and the risks associated with each.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.