Like every other risk, cybersecurity is a risk that needs insurance coverage as it has the potential of causing loss of information, data, or valuable items. Cybersecurity has brought up a new chapter in insurance. Insurers are coming up with new measures that must be adhered to before qualifying for coverage. Due to changes that have been brought up by cybersecurity, organizations are becoming accustomed to new insurance measurements that are mandatory. There are still uncertainties of the best way insurance can use to deal with cybersecurity so that the information, data, and networks are secure.
Insurance has a role to play in cybersecurity development. Bryan Hurd, a vice president in Aon Cyber Solutions stated that in the 1800s insurers has played a role in designing pressure relief valves for the steam engine power. They stated that it was mandatory if the insurance was to cover, then such piece of architecture was to be implemented, thus droving security and in so doing helping themselves to avoid large insurance claims. In so doing, insurance has been able to make sure they are safe from paying large claims.
In Cybersecurity, there is a lot to be done. In cybersecurity areas that are growing fast, cyber engines always keep crashing and causing disturbances in many organizations. In such areas, cybersecurity insurance companies continue to keep an eye on it because it is where the money is.
Covering cybersecurity has not been easy due to uncertainties that revolve around the cybersecurity industry. The relationship between enterprises and insurers has been hard due to the cost that comes with mitigation of breaches that is too costly. Not to mention the cyber losses that can be devastating. For example, in 2019, Hiscox reported that cyber losses were over $1.8 billion. Most companies continue to yearn for such coverage that will cushion them when disaster happens, insurance to continue looking for such a lucrative stream of revenue. There are many challenges that is being witnessed in coming up with terms of coverage and pricing.
There are reported cases where insurance companies refuse to pay claims by avoiding large claims. For example, Mandelez Internation did not get the insurance claim they wanted after NotPetya attack. This is because the insurer evaded the claim by stating that it was an act of the Russian government and the attack fell under the hostile or warlike action in time of peace. By doing so, the insurer avoided paying a large claim that was supposed to be paid. Looking at such an example, cybersecurity insurance policy is still yet not clear on how to cover; there are loopholes insurers are using to avoid claims.
Ensuring cybersecurity is still evolving and there is a lot that needs to be done. Insurance companies need to keep on collaborating with cybersecurity industry experts to help in driving it into maturity. Things are continuing to change, every year, there are improvements and awareness has grown. Due to the increase in cyber incidents and ransomware attacks, insurance providers and organizations are focusing on making things better by redefining policies. Through such engagements, it will be good for businesses as insurers will get better visibility into cyber risks and ultimately will help in putting measures they will keep operations secure and compliant to regulations. In addition, there is a need to make sure that any improvement that will be made is aligned with best practices and fit the business.
Insurance demand more systematic proof of security best practices is in place before they can think of insuring companies. This may range from configurations, antiviruses used, awareness and training to employees, and many more. Another issue is how insurers can be able to value data, this will help in knowing how to cover high-value data and low-value data. Even global pandemic should be viewed as a point to be researched. Insurers need to know what to do in the event of a global pandemic.
