We recently read an article on Syncro entitled, “4 Changes You Need to Be Aware of in the Cyber Liability Insurance Industry”. This jumped off the screen and whacked us in the noggin:

Companies applying for cybersecurity liability insurance can expect to have more digital hoops to jump through before they’ll be approved … a “lack of attention to one or more aspects of basic security hygiene” was responsible for the most damaging attacks seen in 2020. Insurance carriers are mitigating their own risk by requiring more cybersecurity safeguards by those seeing [sic] coverage for cybersecurity attacks. This includes protocols such as:

  • Privilege access monitoring
  • Multi-factor authentication
  • Advanced threat protection
  • Confirmation of 3rd party security
  • And many others

Well, yeah. Those digital hoops could also be called common sense because many insurers who wrote cybersecurity liability coverages had no idea of the measures — or lack thereof — their policyholders had undertaken to ensure their environments were reasonably secure. As a result, those insurers took huge baths.

On the Job Training

There’s no real blame to be placed for any of that. It’s a new world, and we’re all feeling our way along. Given the business we’re in, however, we do believe strongly the right claim system can give all parties to cybersecurity liability risks much better understandings of their risk data, cyber and otherwise.

Cloud Claims, for example, connects claims to policies, enabling you to run reports by policy and policy period. It lets you audit every change made by anyone and the dates they’re made. It lets you run reports by user-determined filters — claim handlers, claims paid by amounts, dates, policy numbers, totals incurred, and more — all without SQL or Boolean logic — and export them to Excel. Cloud Claims also gives you dashboards that show types of cyber attack by incidents and frequency, along with the claims associated with those attacks, by time period, causes of those attacks, their costs, and more. And all of that will help you determine, by incident, specific points of entry and to determine trends, if any, in your exposures.

Yes. We all have to find our way in this new world. No. We don’t have to treat our exposures as random. Yes. We can get a better understanding of our risk data and derive better risk-management measures accordingly.

And we can start now with the tools we have now.