The cyber insurance industry is rapidly evolving, opening doors for stronger relationships between insurers and policyholders.
The cyber insurance firms that will be ahead of the curve are the ones that offer helpful tools, speak in layman’s terms and collaborate with the cybersecurity sector.
According to recent research conducted by Cowbell Cyber, 65% of small and medium-size businesses (SMEs) are planning to spend more on cyber insurance as part of their cyber resilience plan in the next two years. This comes as little surprise in the midst of COVID-19 as cybercriminals have become more opportunistic, and have developed new tactics to wreak havoc on their victims.
It is critical, now more than ever, for organizations to insure their most valuable assets, which of course includes their digital assets.
As the cyber insurance market evolves, industries of all types are realizing the need for specific, tailored cyber policies to address their unique needs. The coming year will usher in a wave of transformation for cyber insurance. Here are my three predictions on where the cyber insurance industry is heading.
Cyber insurance education will continue to grow.
The cyber insurance industry still has a long road ahead in educating, not only potential policyholders but also agents and brokers. But over the next few years, the educational gap should get smaller. In order to do so, insurers must offer accessible, easily digestible cyber policies for those who aren’t as familiar with cybersecurity, while still ensuring the intelligence and speed behind the policy can keep up with today’s digital landscape.
Businesses are increasingly becoming aware that cyber insurance is a necessity rather than a luxury. Many of them, however, aren’t sure how to select the right policy. In fact, according to research by Advisen and PartnerRe, the top three obstacles to selling and writing cyber insurance are:
- Not understanding exposures;
- Not understanding coverage; and
Having a clearer picture and understanding of exactly what cyber attacks are covered — and what is not — is vital for policyholders. Further, the cyber insurance industry needs to continue getting better at explaining exposures and risks, leading to more transparency overall.
Ideally, the cyber insurance process should be 100% online, eliminating outdated and confusing questionnaires that result in unverifiable assessments. Going into the next few years, insurers will remove unnecessary jargon from policies and deliver an improved experience for both policyholders and insurers. Insurers also will provide helpful online tools for policyholders, which will educate them on the risks that are most threatening to their particular organizations.
Cybersecurity and insurance will develop close partnerships.
Once considered separate industries, the cybersecurity and cyber insurance sectors are growing closer together. This will create some interesting opportunities for both sides. For example, if a company has good cybersecurity measures in place, they’ll likely receive some insurance “coverage credits” akin to earning better auto insurance rates (thanks to driver telematics) when you’re a good driver, you earn better auto insurance rates and options.
Cyber resilience requires both cybersecurity and cyber insurance. In pursuit of cyber resilience, organizations deploy cybersecurity tools for threat protection, detection and mitigation. When an incident actually occurs, they need to be prepared with a response and recovery plan. Technology helps, but cyber insurance mitigates loss in the aftermath of an inevitable breach.
In the future, we will see insurers working closely with cybersecurity experts to provide coverage for more sophisticated attacks such as ransomware, cyber extortion, social engineering and business interruption.
Insurance industry language will become more standardized.
As mentioned above, one of the common reasons why businesses lag in adopting cyber insurance is a lack of coverage understanding. The cyber insurance industry has a lot of work to do in order to establish clarity. This includes dedicating simple terms to refer to each type of sensitive information, whether that be corporate files, health records or personal data.
Both security practitioners and insurers need to deploy clear messaging that illustrates exactly what risks businesses may have and how they can protect themselves. In addition, all stakeholders should work off of a single source of truth, curating policies with the philosophy that technology and comprehensive assessment will deliver the most protection.
The cyber insurance industry is rapidly evolving, opening doors for stronger relationships between insurers and policyholders. The cyber insurance firms that will be ahead of the curve are the ones that offer helpful tools, speak in layman’s terms and collaborate with the cybersecurity sector, empowering policyholders to learn more about the cyber landscape, as it relates to their particular business sector.