Despite the billions of dollars being poured into cybersecurity, virtually every source of cybersecurity incident reporting indicates that more organizations are getting hit by criminals more often than ever before. The costs related to ransoms, recovery and remediation are all going up. No matter the type of organization—big or small, commercial, educational, government, hospital, infrastructure, retail, or service provider—the bad guys don’t care. They will take your grandma’s last hundred bucks if they can find a way. They are ruthless, cunning, and, it's safe to assume, they are coming for you.
The increased number of attacks and the wider range of organizations being hit have had three major impacts:
- More organizations of all types and sizes now understand the importance of having a Cyber Insurance policy, just as they do standard business insurance. Risk managers, boards, stockholders, customers, and partners expect organizations to be covered by insurance when the worst happens.
- Good cyber insurance—despite being more widely available—is becoming harder to obtain. It's more expensive, for one, and insurers are performing more due diligence before offering a policy. When looking to acquire or renew your Cyber Insurance, you will be asked to provide detailed information about your security policies, plans and even specific technologies. This is a good thing, because insurance providers are putting their money where their mouth is, they’re saying if you have these things in place, we think the risk is manageable. That doesn’t mean all you need is what the insurer asks about but if you can’t get a policy or an affordable policy, that tells you something about your current security position – not good.
- There is a lot of innovation going on in Cyber Insurance. Insurers recognize that most companies that experience a major security incident don’t just want help with paying for remediation, but rather need more general guidance related to navigating the entire remediation process. Policies are now available with a wide range of services from threat containment and incident remediation to public relations and legal counsel.
One innovative provider in the market, Coalition, is representative of a whole new industry known as insurtech, which has emerged to actively help clients better protect themselves. Coalition's approach, which they refer to as Active Insurance, is based on three pillars that blur the lines between insurance provider and cybersecurity firm.
- Active Risk Assessment leverages data and artificial intelligence (AI) to describe an organization's near-real-time digital risk profile to streamline the quoting process and provide accurate pricing, as well as to identify potential issues that most traditional insurers and many insurtechs never see.
- Active Protection involves continuous scanning and monitoring of digital assets—and other risk factors associated with cyber and executive risks— and provides personalized alerts for critical issues so brokers and policyholders can stay ahead of new risks.
- Active Response includes support and guidance from Coalition's in-house team of experts, helping policyholders accelerate their response, and allegedly helping businesses bounce back quickly if an incident occurs.
We expect to see the launch of more offerings similar to Coalition's as the market matures. At Prescriptive we continue to work closely with insurance providers, agencies and customers to ensure they have the policies, procedures, people and products in place to properly protect their organizations. Cyber Insurance can be complicated, and not only do you need a policy, but you also need one that aligns with your organization.
Prescriptive offers industry leading cyber security products, professional and managed security services. In 2022 we created our Cyber Insurance Readiness Assessment (CIRA) program to help clients navigate the process of acquiring or renewing cyber insurance. We understand what the insurers are looking for, can assist with completing their surveys, and identify any gaps you may have.
For a limited time we are offering a Cyber Insurance Readiness Assessment at no cost. If you are interested, or if we may be of assistance in other areas, please reach out to us.