Risks will occur. Some good, some bad. Some minor, some catastrophic. There are different strategies to mitigate risk, including avoidance, acceptance, reduction, or transfer. Cyber liability insurance has become a popular way of transferring risk for businesses, but it’s not so easy to obtain or keep. 

Cyber risk has been growing in parallel with digital transformation for more than 20 years. Covid-19 and the necessity of supporting a massive shift towards teleworking has accelerated this trend, due to increasing reliance on remote workforce technology during the pandemic. More than ever, organizations are seeking cyber insurance to mitigate the eventual costs. But with rising cyber insurance premiums and increased risk of cyber-attacks, cyber insurance is likely to become even more expensive or limited in scope, if not both.

Any insurer whose risk management is deficient may suffer avoidable claims and accumulation of risk. For insurance brokers, the cyber marketplace demands a holistic approach, with risk controls and cyber awareness reinforcing traditional risk transfer and shifting the focus onto prevention. 

Rob and I have previously covered this issue in our Reimagining Cyber Podcast with Shawn Tuma, Cyber Insurance in the Wake of Log4j (an accompanying blog). As a lawyer focused on cybersecurity and privacy, Shawn works with many clients seeking risk mitigation strategies like cyber insurance. In the latest podcast episode of Reimagining Cyber Under the Hood of Cyber Insurance (and accompanying blog), Rob and I go at the issue from the other direction – an insurance broker. Our guest was Dan Bowden, the Global CISO for Marsh - the world's leading insurance broker and risk advisor. 

Dan shared that brokers like Marsh must play an active role in ensuring those seeking to be insured have adequate cybersecurity controls, such as multi-factor authentication (MFA), to mitigate cyber risk and reduce the likelihood of claims. 

Forrester Research in their April 2022 ‘Top Cybersecurity Threats for 2022’ report projected that as risk information improves, it is likely that insurers will include new underwriting requirements and greater scrutiny of risk mitigation and security program maturity. It’s also being predicted that the number of organizations that will be either unable to afford cyber insurance, have coverage declined, or experience significant coverage limitations is set to double in 2023. 

As the cyber insurance market tightens, insurers screen for clients with security controls that more closely align them to higher standards. The weaker the policyholder’s risk management program, the greater the risk to insurance providers. A lower risk profile with use of stronger security controls presents less risk to insurance providers. 

To learn more, register for an upcoming webinar, Best Practices for Cyber Liability Insurance Renewals: A Roundtable Discussion with IDMWORKS and CyberRes, hosted by Climb. 

Join our Security Community | What is Cyber Resilience? | What is Cybersecurity? | Reimagining Cyber Podcast