As government-sponsored and widespread vulnerability attacks continue to result in larger damages, cyber insurers are looking for opportunities to still meet demand without incurring risk.
It may come as a surprise, but cyber insurers aren’t in the business of issuing (and covering) cyber insurance policies; they’re in the business of staying in business. And that means identifying and reducing the highest sources of risk, where the insurer will lose by paying out on claims. Examples of such risks are state-based cyber attacks and widespread hacks. We have already seen cyber insurers exclude such attacks from their policies, but insurers continue to look for ways to still meet the market demand for more comprehensive coverage.
In addition to those insurers that have excluded acts of cyber terrorism, Chubb Ltd. is taking a look at policies with increased prices and deductibles for widespread cyber events, and Beazley is working on a new “war insurance” product that sits outside of its current standard cyber policy in order to cover attacks between nation-states.
According to reinsurer Swiss Re AG, the expected amount of cyber insurance policies written by 2025 will exceed $23 billion in coverage.
But even with these potentially extended cyber insurance coverages, organizations today should continue to see a policy as a last-ditch effort, rather than a cyber safety net. Your organization should look for ways to build up its cyber defenses in an effort to prevent, detect, and respond to attacks – something that should include Security Awareness Training – leaving the organization’s cyber insurance policy as the “nuclear option”, as it were, to make the organization whole.