[BreachExchange] Your 2018 guide to cyber insurance is here

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jul 13 15:14:34 EDT 2018


https://www.zdnet.com/article/your-2018-guide-to-cyber-insurance-is-here/

Today, no one is 100 percent secure -- believing otherwise is hubris of
Icarian proportions.

This reality is a core reason why more organizations are turning to cyber
insurance: without it in some form (whether it's a purchased policy
or their own allocated cash reserves), they have no safety net to stymie
losses from a serious cyberattack.

CISOs need every risk mitigation technique they can get, and cyber
insurance can be an effective tool to mitigate and transfer cyber risk. But
getting the right coverage, terms, and services is far easier said than
done.

Learn To Navigate Today's Cyber Insurance Market

Security leaders who take time to understand the ins and outs of the
cyber insurance market have a distinct advantage in everything from broker
selection to policy negotiations.

This is why we launched our cyber insurance research: to guide our business
and security clients through this $1.5 to $3 billion (and growing) market
and to offer insight and best practices to better mitigate cyber risk.

Key Findings

What we found is a cyber insurance market that looks a lot different than
even 2-3 years ago and keeps evolving quickly. Likely no surprise to
security pros, many insurers' cyber offerings are their fastest-growing
product lines. Still, insurers and security buyers alike grapple with a
list of pain points. Here are some of our key findings:

- The cyber insurance market is maturing, but growing pains persist. We see
positive signs that the market is growing up: more transparent policies,
fewer contentious claim holdups, and insurers with a better understanding
of cyber risk. Still, it's far from painless. Security leaders face
countless hurdles, including pedantic legalese, pricing hikes, IP and
reputation coverage gaps, and disconnected purchase decisions due to
internal discord.
- Buyers navigate a labyrinth of intertwining providers and partners. Our
report maps out the intricate web of cyber insurance underwriters, brokers,
reinsurers, consultancies, data analytics and cyber risk scoring providers,
and carefully constructed carrier panels of post-breach services, such as
incident response and legal counsel. And for large enterprises, there are
self-insurance and captive options that may offer capitalization or tax
advantages.
- The devil is in the details. For both cyber insurance veterans and
newbies, it's easy to make mistakes. Even a slight variance in your
policy's definition of "computer fraud" can be the difference in millions
of dollars of coverage. We break down cyber insurance coverage gaps and
limitations into four categories: 1) Sublimits and Deductibles; 2) Explicit
Exclusions; 3) Implicit Restrictions; and 4) Services Constraints. You'll
want to read up on all of these before you start redlining your policy.
- Choose your cyber insurance broker wisely. The most important cyber
insurance relationship is between the CISO and broker. Whether it's
selecting a cyber insurance carrier, updating your policy, or handling
major claims, you'll turn to your broker first. During your broker
selection process, make sure that their incentives prioritize your
relationship -- not their relationships with partners. Review the services
they offer, their cybersecurity acumen, partner ecosystem, and the
experience of existing customers.