Implementing a successful cyber insurance program: Key steps and considerations

In a first, a Black Hat micro summit explains how insurers assess risk to write cyber insurance policies as more organizations seek to indemnify themselves against potential breach losses.

As IT security incursions mount quickly, more public and private organizations are getting cyber insurance policies to mitigate the impact of the breaches, which are becoming more of a “when” than an “if”. According to AM Best’s Market Segment Report, direct premiums written by cyber insurers have risen from $996 million in 2015 to $2 billion in 2018, a twofold increase.

Indeed, cyber insurance – also known as cyber liability insurance or cyber risk insurance – has become more popular as organizations big and small have been hit with a growing tide of data theft, ransomware attacks and other assorted incursions. Cyber insurance has become such a hot topic that the Black Hat cybersecurity conference last month in Las Vegas dedicated a three-and-a-half-hour “micro summit” to the topic. The summit speakers discussed how to implement a successful cyber insurance program and integrate it with an organization’s risk management program, how to make claims, and what security controls may help.

“The cybersecurity community is recognizing more of the risk management side of this [issue],” said Matt Prevost, national product line manager for Chubb’s cyber products, in his Black Hat summit speech. “So, it’s really that enterprise risk management function that’s starting to resonate with the cybersecurity community.”

Views toward cyber insurance are changing

Within the past two years, visibility within organizations has improved and organizations now more clearly understand that cybersecurity and risk management are much more than “a technology problem within large companies and small companies,” Prevost adds in an interview.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!