
How security ratings can contribute to delivering a suitable cyber liability policy


Matthew Mckenna, Vice President EMEA at SecurityScorecard

Cyber insurance is growing in popularity because of the increasing number of data breaches reported over the last few years. Some common examples of cyber insurance breaches are data theft, spyware virus, dumpster diving, etc. To prepare for unforeseeable attacks, insurance companies write focused cyber liability policies. These policies may carve out specific protections for companies and their executives from the potentially devastating costs required to recover from a major cyber incident. An important data point for consideration during the underwriting process is the cyber risk that a company might pose as a result of its cybersecurity posture. Security ratings can help here, as they provide an up-to-date reflection of a potential insured's security weaknesses, ensuring the correct policy is written.

Cyber Insurance and Compliance


While cyber liability policies do not discount a company's obligation to meet its specific regulatory mandates, existing and emerging liability insurance products may provide a safety net for certain classes of companies that have a specific regulatory burden. Depending on the size of a company or the scope of the business, cyber insurance policies may change or may not even be available. For example, a policy may be restricted to have limits on personal records or bank information. Sectors such as healthcare, retail, food and beverage, education and financial will buy these cyber insurance policies, as they may help cover expenses and attempt to prevent cyber breaches that have, for example, PCI-DSS implications.

Challenges

Firstly, one challenge is how to effectively assess the cyber risk a company might pose. Insurance policies are priced based on risk calculated by the issuing insurance company. It is pretty simple if you look at it in terms of auto insurance, where the price is typically determined by a driving record: the more auto accidents or moving violations a driver has, the more expensive an insurance policy will be. Cyber liability is very similar in that the more cyber incidents a company has, or the poorer its cyber health track record, the more expensive the insurance policy will be.

A second challenge is how to have a common cyber risk taxonomy that is easily understood by insurance staff, agents and brokers, who in many cases are not knowledgeable about cyber risk. Lastly, a third challenge is how to effectively inform customers about their company's cyber risk as it relates to the premium price of a policy.

Example of how security ratings fit in

Insurance providers can integrate security ratings into their cyber insurance underwriting process in multiple ways, including:

Cyber Risk Assessment:

Security ratings provide an automated assessment of cyber risk for any company looking to purchase a cyber liability policy. In the case of a company not qualifying for a policy, security ratings will then report a simple school-based letter grade (e.g. A-F) that assesses how well a company has broadly addressed its cyber health. The solution gives detailed insight into a company's cyber health via fine-grained scores for each of ten important cybersecurity factor areas. Using a cybersecurity rating solution, insurance providers can align potential risk across the entire underwriting process.

Cyber Posture Transparency:

Most individuals who are responsible for selling, quoting, issuing, or buying a cyber liability policy do not have expertise in cybersecurity. Security ratings can provide a solution for insurance companies that introduces a common cybersecurity language. On the other hand, security ratings also provide a sufficient level of detail for more cyber-aware individuals when required. The security ratings solution provides a strong basis for insurance agents and brokers to quote cyber liability insurance policies using a consistent representation of a company’s potential cyber risk. Similarly, the ability for an insurance buyer to see his company’s security ratings introduces unique transparency during the process of buying or renewing a cyber liability policy.

Cyber Gap Assessment:

Insurance providers that do not use an automated security rating solution often find themselves cobbling together a company's cyber risk using various manual assessment methods, such as cyber risk questionnaires, which take up much more time and make the process lengthier than it needs to be. Security ratings provide the ability to quickly assess gaps in a company's cybersecurity efforts, which is important when preparing a cyber liability policy. Gap assessment provided by a cyber rating solution can be invaluable for both novice and advanced cybersecurity professionals. For example, the breadth provided by security ratings can assist a cybersecurity novice in documenting broad security gaps (e.g., historical breach frequency, use of secure websites, etc.).

Integrated Workflows:

Unlike more manual assessment methods, workflow integration greatly improves the efficiency and accuracy of quoting, selling, and renewing cyber liability insurance policies. Security ratings provide APIs and custom integrations that enable connecting cybersecurity ratings into an insurance provider's business process.

Results and Benefits

One significant benefit of using security ratings is that downstream constituents (e.g., agents, brokers, customers, etc.) perceive the insurance provider as being a trusted advisor concerning cybersecurity. A secondary benefit is that the ratings provide an accurate and transparent test of a company's cyber risk. Independent research has shown that a company with a rating of less than "D" is five times more likely to be breached as opposed to a company with a better score. Insurance providers are likely to decide that companies with a grade of "D", "E" or "F" are too high risk to issue a cyber liability policy. However, the transparency of security ratings enables companies to understand their cyber concerns and go on to fix them.

Conclusion

Insurance companies can gain numerous benefits using a security rating solution as a part of their cyber liability insurance programs. Security ratings are used by insurance companies to help across multiple phases of defining and issuing cyber liability policies, including underwriting, quoting, and renewals. The result is the ability to offer the best cyber liability policies while maintaining trusted advisor status across all relevant constituents, including insurance agents, brokers, and customers.

Matthew Mckenna has extensive experience in the technology and security industry. Matthew is a high-energy strategy and operations executive with a track record of commercialising emerging technologies across sectors in global markets.
