In the wake of rising cybercrime across the world, the New York State Department of Financial Services (DFS) has announced a new Cyber Insurance Risk Framework. The framework sets out best practices for New York-regulated property and casualty insurers so they can effectively manage their cyber insurance risk.
These new guidelines are the output of DFS's long-standing work in the cybersecurity insurance niche. In 2017, the DFS started the nation's first cybersecurity regulations. Two years later, it established a Cybersecurity Division, the pioneer among US service regulators.
The new cyber insurance risk framework encourages insurers to incorporate the following best practices into their risk strategy:
Remove Exposure to Silent Cyber Insurance Risks
Silent cyber insurance risk arises from an insurer's commitment to cover loss from a cybersecurity breach under a policy that does not clearly address cyber incidents. Managing and eliminating exposure to such risks is a core component of the new cyber insurance risk framework.
Slice and Dice Systemic Risks
This includes the outcomes of destructive cyber events for vendors like third-party service providers. Case in point: the SolarWinds supply chain attack!
Accurately Assess Insured Risks
Employ a data-driven strategy to evaluate possible loopholes and risks in insureds' cybersecurity.
Create Awareness Among Insurance Providers and Insureds
Insurance providers and insureds have to be educated about the importance of cybersecurity and its benefits and limitations. They also need to be aware of the risks of disregarding cybersecurity best practices.
Develop Cybersecurity Prowess
Insurance providers and insureds are encouraged to capitalize on cybersecurity expertise using prudent human resource recruitment practices.
Notify Law Enforcement
Law enforcement must be notified immediately when a cybersecurity incident takes place.
This new framework is a product of DFS's correspondence and coordination with the insurance industry and cyber insurance experts. The team that drafted the framework brought together all relevant stakeholders: insurance providers, insurers, cyber experts, and insurance regulatory authorities from the US and Europe.
As per the guidance, the DFS calls on regulated insurers to establish a proper strategy to measure cyber insurance risk in line with the insurer's size, resources, and geographic coverage.
With the recent rise in ransomware, as witnessed by the SolarWinds-based cyber-espionage campaign, cybersecurity is of utmost importance in every aspect of modern life and business. The COVID-19 pandemic has done its part in shifting everything online, from schools to offices, so there is now a greater risk of cybercriminals capitalizing on security loopholes.
Ransomware attacks have increased in frequency in recent years, and they have proved costly. A 2020 survey found that from 2018 to 2019, the number of cyber ransom claims rose by 180% and the average cost of a claim increased by 150%. The breaches reported to the DFS also spiked in 2020.
Insurers play a vital part in alleviating cybersecurity risks, and they have certainly stepped up. But there’s still a long way to go because the risks are resulting in billions of dollars in losses every year.