One of the most effective ways to improve cybersecurity throughout an organization is to purchase cyber insurance.
It won’t eliminate the possibility of a data breach, but because there are strict rules to gain approval during the underwriting process, an organization’s overall cyber posture automatically improves, according to research from Forrester.
Despite the positive impact of cyber insurance, the Forrester study found just one-quarter of companies have a stand-alone cyber insurance policy.
There are plenty of reasons why organizations continue to shy away from stand-alone cyber insurance. It could be that other insurance policies held by the company include some cyber coverage. But concerns around cost and coverage limits have also scared away potential buyers.
Adding to the coverage gaps is the complexity of obtaining coverage, with separate coverage for first-party and third-party policies.
“First party is an insurance policy that covers you for your loss. The third-party policy pays you to defend yourself against a third party and pays a third party if there is a judgment against you,” said Peter Hedberg, VP of cyber underwriting at Corvus Insurance, to an audience at the RSA Conference in San Francisco in May.
The first cyber policies provided predominantly third-party coverage focusing on covering online media and computer errors, but in the 2000s, the exposures evolved to include data breaches, explained Emma Werth, RVP Underwriting at Cowbell Cyber, in an email interview. The need for first-party coverages emerged with the increased exposure to viruses, ransomware, and cybercrime.
“Now, we’re seeing further evolution as we face the new exposure of AI,” said Werth.
New technologies shift coverage
AI is front and center in the race to recognize new technologies and connected devices at risk of cyberattacks. Organizations are trying to figure out how AI is being used and how to differentiate an attack caused directly by AI from one in which AI is part of another attack or the work of a rogue employee.
It is a global change for everything, and even insurance companies are struggling to figure out how policies will cover AI.
“AI is going to affect every type of insurance because it is going to affect risk,” said Violet Sullivan, AVP solutions team leader at Crum & Forster, during the RSAC panel.
But cyber insurance is shifting its coverage outside of the corporate network and into a more personal realm.
“We have cyber [insurance] for autos now to protect against data breaches if an auto’s information system is compromised,” said Monique Ferraro, Cyber Counsel with HSB, during the RSAC panel.
Personal insurance is also becoming more commonplace as more homes and businesses use smart devices. Cryptocurrency insurance protects wallets and exchanges, and there is more attention to privacy protection.
The price of coverage
Cyber insurance procurement continues to be a lengthy process, but it is getting easier for companies to obtain.
“Overall, we are seeing stronger cyber hygiene across the industry,” said Werth.
Even small and medium-sized enterprises with fewer controls are able to obtain insurance, since measures like multifactor authentication, password managers or passwordless technologies, and data backups have become standard for most businesses.
It is also becoming more common for cyber insurance providers to partner with companies to help them strengthen their cyber posture during their policy lifecycle to become more cyber resilient.
Overall, prices of cyber insurance policies are either flat from year to year or decreasing. But there are exceptions to this.
“Industry classes that have experienced headline events, e.g. healthcare technology; hospital systems, continue to see pressure on premiums and deductibles,” said Ryan Griffin, partner and head of U.S. cyber at McGill and Partners, in an email interview.
Ransomware is going to continue to be a sticking point in cyber insurance coverage and expense. It was only a year or two ago that getting coverage for ransomware was nearly impossible; however, the current trend is that payments for ransoms have dropped.
The real problem is the cost of the business disruption that comes with a ransomware attack, and that impacts costs and availability.
The right insurance policy should align with the organization’s security policy, just as it would for any other security vendor agreement.
“Cyber insurance is one of the many tools in your toolbox. It’s one of the ways of mitigating risk,” said Sullivan.