Mitigating the Risk Factors of Cyber Insurance

Hugh Barrett
May 5, 2022 • 3 min read

Cyber insurance is perhaps the most relevant and rapidly shifting facet of the cybersecurity world. I recently had the pleasure of participating in AM Best’s webinar, “Cyber Insurance is Broken – How Insurers, Brokers, and Risk Managers Can Work Together,” to specifically discuss cyber insurance with industry experts, insurers, and brokers. This opportunity provided invaluable insight into the driving factors shifting the cyber insurance landscape for both providers and customers.

Prior to the pandemic, cyber insurance was in its adolescent stages, conceived as a risk management mechanism and safety net against low-frequency, high-impact cyber breaches. As technology has continued to progress exponentially, with digital transformation to the cloud accelerating and the pandemic driving more remote work, many more network fabrics are exposed and the general attack surface is increasing. This increased exposure has led to a reality in which opportunistic attacks like ransomware are becoming both high impact and high frequency. The current cyber insurance model neither accounts for nor can afford the rapidly escalating frequency and severity of these crippling cyber-attacks.

Because of this shifting reality, cyber insurers are limiting coverage, being uber-selective and stringent toward customers, increasing deductibles, and even completely denying claims to existing customers who fail to demonstrate cybersecurity best practices. In addition, a lack of historical data and of general direction for the future of cyber insurance is compounding the problem of cyber insurance availability and affordability. Considering how paramount cyber insurance will be in the future in providing a safety net and a sense of security to organizations of all sizes and industries, my fellow panelists and I outlined some key steps to best prepare your organization for a cyber insurance application:

  1. Know your IT assets. Cyber risk management is pointless without complete asset discovery and aggregation of resource configuration data – both on-prem and in the cloud. Why would cyber insurance providers insure your unknown and unaccounted-for assets?
  2. Establish a systemized and repeatable cyber risk management process. Insurance providers are much more likely to award you a policy if you can demonstrate that your processes are benchmarked against standardized and recognized regulatory frameworks.
  3. Last but not least, establish a solution for ongoing controls testing and real-time continuous monitoring so that you can communicate your current risk and compliance posture to insurance providers. This gives provider and customer proactive visibility, which builds trust.

Software with automation and native workflow can help your organization tie these steps together and ultimately increase your chances of cyber insurance approval, secure a better-value premium, and shorten lengthy application approval timeframes. Solutions like Xacta can serve as the focal point your organization needs for all things risk, compliance, and audit, while also enabling reciprocity between you and the cyber insurance provider for greater, real-time visibility into your compliance posture.

Hugh Barrett
Vice President of Technical Solutions
Hugh Barrett is the vice president of technical solutions at Telos Corporation. Follow him on Twitter: @hugibarr