Consider Risk Assessment in Choosing a Cyber Insurer
According to a post by AJ Thompson, CCO of Northdoor plc (https://www.technative.io/reconsidering-risk-assessment-for-cyber-insurance-policies/) 75% of companies now buy cyber insurance compared to 35% in 2011. 90% of first time buyers are small and medium businesses (SMBs) who buy coverage to meet third party requirements. Many of these organizations do not have the expertise to assess their cybersecurity exposure accurately. If their insurers can’t or won’t do an independent assessment, both insureds and insurers are at risk of underestimating the threats they face.
As companies become more interconnected, systemic risks increase. In addition to vulnerabilities in their own systems, organizations face risks from customers of their customers, suppliers of their suppliers, service providers, cloud providers, etc. Without knowing each policyholder’s total exposure, insurers cannot price accurately.
In Thompson’s opinion, underwriters must change from manual risk questionnaires to automated technological assessments that can measure dynamic and systemic risks. Both insureds and insurers benefit; by identifying risks before a breach vulnerabilities can be limited and premiums kept in check.
Choosing a cyber insurer should never be based on the lowest cost. In addition to broad coverage, organizations should consider the services the insurer can offer. Many insurers will include a description of their services when they deliver a policy. Don’t file it away; keep contact information handy. A timely request for assistance may prevent a future claim.