Why your business needs cyber risk insurance [Q&A]
Protecting against cyberattacks and guarding against technology failures is something that most businesses now do as a matter of course. But insuring against the risks is less common and could be leaving companies open to major losses.
We spoke to Jack Kudale, CEO of cyber insurance specialist Cowbell Cyber to find out more about cyber risk insurance and why it's increasingly being seen as an essential safeguard.
BN: Why does cyber risk need to be insured separately?
JK: Cyber risk has typically been covered as an endorsement to another policy, most often Errors and Omissions (E&O). This has led to a lack of details on what is covered or not, limits and sub-limits, and numerous misinterpretations. Standalone cyber risk insurance will help policyholders understand how cyber coverage works, demystifying the complexity of the insurance process.
BN: What sorts of things can be covered?
JK: Cyber insurance covers risks related to the use of information technology such as data breaches, ransomware, losses from cryptojacking, business interruption, or bricking. Coverage typically provides indemnification for both first- and third-party liabilities post incident: forensic services, customer notifications, lawsuits, public relations, data recovery and more.
BN: How easy is it to assess cyber risk?
JK: Cyber risk is, by nature, complex as well as tedious to assess: every business is unique and makes unique and specific use of technology. In addition, cyber threats and technology itself are constantly evolving. Quantifying the probability and severity of a cyber incident for one business and with enough accuracy for use by insurers requires gigabytes of external and internal data collected and normalized across many organizations.
BN: What are some of the risks which companies face? How do threats differ from company to company?
JK: Risks vary by company size, industry sector and the technology deployed. Organizations can appear similar from the outside but have different internet footprints that expose them to completely different risks. A business that outsources most of its IT operations faces risks related to third parties. Its suppliers might practice better or worse security than its own. However, it might be better off than a company operating everything in-house with no resources dedicated to risk management. Everything matters, and organizations need to capture the complexity of their risk exposure to represent it with accuracy. That's where Cowbell Cyber can help by offering continuous risk assessment, comprehensive cyber liability coverage, and continuous underwriting through an AI-powered platform.
BN: Should insurance be part of a wider cyber strategy?
JK: Absolutely. Insurance is the risk transfer component of a cyber strategy and focuses on loss mitigation and recovery post incidents. Cyber security tools will prevent and mitigate cyber threats but, as proven by daily headlines, it is not enough. Cyber insurance provides financial protection for the residual risks faced by any business with digital operations.
BN: What are the key things to look for in a cyber risk insurer?
JK: Cyber is one of the most technical lines of insurance. A cyber insurer should be digitally savvy, offer a digital insurance platform that addresses insureds' requests with speed and use data and advanced analytics to deliver coverages tailored to an organization's unique needs. Furthermore, insurers should share how they assess risk and provide insights on how to remediate them.
BN: How has the cyber landscape changed over the past few years?
JK: Awareness and investments in cyber have never been so high. Fortunately, or unfortunately, every incident that is made public is building a shared collective consciousness that every business, small or large, can be impacted by a cyber-attack. This is also shifting the discussion from threat to cyber risks and financial impacts on businesses. We start to see companies managing cyber risks like other business risks. This is certainly a contributing factor to the growth of the cyber insurance market.
BN: Let's look into the crystal ball. What are your predictions on the future of InsureTech in the years to come?
JK: Innovation is critical and will continue. VC investment in InsureTech has more than doubled in the past 12 months. There is one other thing business owners need to think about beyond prevention and detection. Its high time risk transfer strategies are implemented to mitigate losses in the aftermath of cyber security incidents. Cyber insurance is one of the most important techniques to mitigate financial losses.