Dive Brief:
- Google Cloud entered an alliance with insurance giants Allianz Global Corporate and Specialty and Munich Re to offer specialized cyber insurance to its cloud customers, the company announced Tuesday.
- Google's Risk Protection Program is designed to help customers reduce cloud security risk and potentially lower costs, in what the companies say is the first-ever collaboration between a cloud provider and major cyber insurance companies.
- The agreement comes nearly three months after the historic nation-state cyberattack on SolarWinds and thousands of other U.S. companies was uncovered, an incident that put tremendous pressure on an industry that was already on alert from a rise in ransomware.
Dive Insight:
Google officials see the cyber insurance alliance as a way to encourage enterprises to take the leap into cloud data security, while remaining confident the risk is a shared experience.
"As we explored how we could help organizations more confidently move critical workloads into the cloud, we saw an opportunity to provide more assurances and further drive digital transformation through closer integration with their overall risk management program," Phil Venables, VP and CISO of Google Cloud and Sunil Potti, VP and GM of Google Cloud Security, wrote in a blogpost Tuesday.
The Risk Program will contain two parts: First, Google will provide a diagnostic tool called the Risk Manager, which will help companies assess their overall risk on Google Cloud and get a security report on the findings. Then Allianz and Munich Re are offering a product called Cloud Protection +, which offers a streamlined underwriting process.
Cybersecurity analysts and industry executives have raised concerns in recent months about the potential impact of the SolarWinds attack on cyber insurance coverage and policies.
"The demand for cyber insurance continues to grow as our customers become increasingly exposed to evolving cyber threats — which are again one of the top business risks globally in this year's Allianz Risk Barometer," Chris Townsend, a member of the Allianz SE Board of Management, said in the Google announcement.
The New York State Department of Financial Services issued a Cybersecurity Insurance Risk Framework in early February, providing guidance to property/casualty insurers on how to manage cyber insurance risk. The move was the first such guidance issued by a regulator in the U.S.
Insurers are increasingly finding it difficult to assess risk in the cybersecurity space, according to Charles Herring, CTO and co-founder at WitFoo.
"Cybersecurity insurers that we work with are struggling to define what metrics can be used to establish risk of issuing a policy," Herring said. "While data around other insurance packages such as auto, homeowners, liability and E&O are well established in determining the risk of the group in filing claims, data around what makes an organization safe from cybersecurity claims is unavailable."
Moody's warned in late January that cyber insurance premiums were increasing and coverage was being modified to make sure companies take preventative measures. Moody's cited data from insurance provider Coalition that showed massive increases in ransomware demands on its policyholders from 2019 to 2020.
"There are several things that have changed the risk and threat landscape since news broke of the supply chain hack of SolarWinds Orion and the development lifecycle there — and a reverberation of that damage to the spread of ransomware," Michael Schenck, senior cybersecurity consultant at CyZen.
