Consider Risk Assessment in Choosing a Cyber Insurer

Consider Risk Assessment in Choosing a Cyber Insurer

June 19, 2019 Business Insurance and Risk Management, The Beacon Blog 0 Comments

According to a post by AJ Thompson, CCO of Northdoor plc ( 75% of companies now buy cyber insurance compared to 35% in 2011. 90% of first time buyers are small and medium businesses (SMBs) who buy coverage to meet third party requirements. Many of these organizations do not have the expertise to assess their cybersecurity exposure accurately. If their insurers can’t or won’t do an independent assessment, both insureds and insurers are at risk of underestimating the threats they face.

As companies become more interconnected, systemic risks increase. In addition to vulnerabilities in their own systems, organizations face risks from customers of their customers, suppliers of their suppliers, service providers, cloud providers, etc. Without knowing each policyholder’s total exposure, insurers cannot price accurately.

In Thompson’s opinion, underwriters must change from manual risk questionnaires to automated technological assessments that can measure dynamic and systemic risks. Both insureds and insurers benefit; by identifying risks before a breach vulnerabilities can be limited and premiums kept in check.

Choosing a cyber insurer should never be based on the lowest cost. In addition to broad coverage, organizations should consider the services the insurer can offer. Many insurers will include a description of their services when they deliver a policy. Don’t file it away; keep contact information handy. A timely request for assistance may prevent a future claim.

About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.