- Companies are beginning to purchase more tailored cyber insurance policies in an effort to receive coverage from nuanced cyber risks, such as the potential compromise of personally identifiable information, data loss or physical risks associated with cyberthreats, according to Laura Foggan, partner at Crowell & Moring, speaking Tuesday on a panel in Washington D.C.
- Businesses cannot "pigeonehole" policies when looking to receive coverage for a cybersecurity incident, according to Foggan. General liability and property insurance policies, for example, are not tailored to cover a cybersecurity losses. Instead insurers have tailored policies that work to respond to an industry's unique needs, whether that's in manufacturing or retail. Some insurers are even weaving services into policies to ensure customers can adequately respond in the event of cyber incident.
- Cyber insurance is a "buyer's market," where a lack of standardized coverage or offerings creates opportunities for businesses and insurers, according to Matt Cullina, CEO of CyberScout, speaking Tuesday at the event. Currently a $3.5 billion market, cyber insurance is expected to grow to $20 billion in the next five years. Though mid-market companies and enterprises are currently the largest buyers, SMBs are also starting to look toward cyber insurance.
What started as a policies intended to just cover data breaches, the cyber insurance market has quickly morphed into an industry behemoth, intended to protect businesses from nuanced and evolving attacks.
In the past, some businesses have relied on existing insurance policies to cover losses and liabilities. However traditional business insurance policies do not cover the new era of threats companies are facing. For example, corporate kidnap insurance does not provide coverage in the event of a ransomware attack.
The lack of standardized cyber insurance policies creates an opportunity for the different sectors facing unique threats. A manufacturer may need more defense against industrial threats, such as IoT device compromise. But by comparison, a retailer would seek more coverage to insure against POS compromises.
Increasingly tailored insurance policies can work to protect companies following a cyber event, even assisting with regulator response. And with breach notification laws varying across 48 states, an insurer can help navigate the legaleze and make sure a business is adequately covered.