Insurers Face Cyber Risk Challenges from All Directions
Mitchell Wein | July 28, 2015
The NAIC Executive (EX) Committee recently established the Cybersecurity (EX) Task Force to act as a focus point for cybersecurity insurance regulatory activities. The task force held its first meeting on March 29, in Phoenix. Just before this meeting, the Task Force released its draft Principles for Effective Cybersecurity Insurance Regulatory Guidance.
The message is clear, there will be regulatory pressure to do something around cybersecurity. The National Institute of Standards and Technology framework (NIST) will act as the basis of the eventual recommendations, with the understanding that what is expected will be practical, consistent, flexible and scalable.
Additional data on the sale of cyber insurance products will be used to help regulators with financial oversight. As we reported in our Executive Brief on Cyber Risk trends in August 2014, insurers have been thinking about how to price and underwrite these risks for some time.
- In March 2014, AIG introduced a new product called CyberEdgePC that covered property damage and bodily injury.
- Insurance Journal reported in an article a year ago that TSC Advantage has also enhanced its cyber risk assessment Threat Vector Manager (TVM) technology for commercial organizations, critical infrastructure, and the public sector. That product offered customers security controls in areas including insider threat, physical security, mobility, data security, internal business operations, and external business operations.
Cyber risk coverage that has emerged in the last few years has included business interruption, rewards for capturing criminals, crisis management, cyber extortion of the network, data breach and complying with regulations, identity theft, and liability from defense costs, settlements, judgments, and punitive damages.
How does a cyber-liability policy get priced? Not easily. As NAIC correctly points out, insurers will be interested in risk-management and disaster recovery protection of a firms network, data, digital assets, physical assets, and intellectual property.
Insider risk from employees and third parties in the supply chain will need to be evaluated as well. The Target store breach, which stole credit card data, was achieved through malware being installed on the security and payments system though a trusted third-party supporting store heating and air conditioning equipment. The breach cost $150 million and Target’s reputation, not to mention the CEO and CIO’s jobs. Insurers will need to be very interested in employee access to systems and data access.
Of course, traditional protection like antivirus and anti-malware software, the frequency of updates and the performance of firewalls will be considered as well. The problem is complex, and the risk unknown. The risk continues to increase as the insurance business becomes more digital and smart devices proliferate, creating new attack vectors.
As a result, the cost is high for the insurance, and the insurers are limiting how much they will cover. A 2014 Crawford & Company study “The Future of Cyber Insurance” revealed few carriers are willing and able to indemnify over $50 million with the majority writing a maximum limit of $10 million or less. Today, the market to underwrite cyber risk is dominated by American International Group Inc., ACE Ltd., Chubb Corp., Zurich Insurance Co. Ltd., and Beazley Group Ltd.
As a growing number of firms require their vendors to purchase cyber coverage, the loss experience will become more extensive allowing for more accurate pricing of risk. This lack of experience is complicated by a shortage of people with the skills needed to assess the risk. As a result, cyber loss control services are starting to emerge as well. Marsh just launched Cyber Monitor and Cyber view in partnership with Cyence, a cyber-security analytics service provider, to look at threat indicators and security analytics.
NAIC’s task force will be responding to this by looking at the protection of information housed in insurance departments and the NAIC; the protection of insurer-held consumer data; and collecting information on cyber-liability issued policies. Inevitably, regulation will emerge in the U.S. as time goes by, both at a federal and state level.
Regulatory enforced reviews of carriers providing cybersecurity risk management and insurance coverage has begun to occur. Federal and state insurance regulators will also be looking to make a positive impact on this emerging insurance market.
The challenge is this: How does the carrier protect itself from cyber risk and assess how other firms the carrier insures protect themselves? Only time will tell how the challenge is met.
- Enterprise Architecture in an Agile World
- Top 10 Tips for Securing Your Mobile Devices and Sensitive Client Data
- Industry Insight: 4 Global Insurance Trends in Digital, Data, Content Services and Security
- Diving Deeper into Prioritizing Your Strategic Digital investments
- Why Content Rules
- How Mass Personalization Will Open the Small Business Benefits Market
- At Year End 2017, Will Your Organization Be Protected from Cyber Risks?
- Do Insurance Bots Dream of Mitigating Risk?
- Conditioned to Respond
- Managing & Mobilizing Insurance Data in a Connected World
- Race to the Finish Line
- New Tools, New Opportunities in Claims
- ITA LIVE: Reaching Insurance Industry Crossroads
- Advice to Insurance IT Leaders: Keep Your Eye on the Ball
- New Date, Venue for ITA LIVE 2017
- Guidewire Makes Major Push to Small and Midtier Market by Acquiring ISCS
- Insurance Disruption is Happening Right Now
- Insurity Adds Strategic Investment Partner, General Atlantic
- Beyond Transformation: The Convergence of Finance, Risk, and Actuarial Functions
- The Rapid Evolution of Consumer Protection Regulation
- Talent Hunt: Finding, Attracting, Retaining Top People
- Insurers Flexing Their Distribution Models
- Technology Driving Disruption in Insurance
- Fear of ‘Next Bubble’ Challenges Life, Annuity Carriers
- Technology Allows Commercial Lines Insurers to Stand Out
- Single Sign-on Viewed as Biggest Tech Challenge for Agencies
- ISCS Observes 20th Anniversary; Scurto Predicts Major Changes Ahead
- Policyholders and Their First Impressions
- Progressive Making Progress on the UBI Front
- High and Dry: Insurers Search for Disaster Recovery Plans
- Insurers Sign The (Un)Dotted Line
- Reflections of a Retired Insurance CIO
- Mobile Device Management Just One Answer to BYOD Issue
- Lessons from GEICO and Progressive on Winning the Critical Buying Stage
- You Are a Target for a Cyber Attack
- Web-based Systems are the Next Evolution in Claims Technology
- Gaining a “Wow” Experience from Web Users
- Time to Shift from Business/IT Alignment to Business/IT Alliance
- Healthcare Insurers Changing to Consumer Model
- Organization is the Key for Selecting Software Vendors
- Analysts Expound on the Needs of the Mid-tier Insurance Market
- Finding the Cure for Obamacare’s Website
- New Software Solutions Benefit Insurers on the Inside and Outside
- Products, Market Impede Investment in Systems for Life Insurers
- Combatting Cyber Threats: Predict, Prevent, Persist
- The Future of Telematics Heads Beyond Insurance
- The Shame in Cyber Security Lapses
- Building Policy Administration Systems for the Future
- Insurers Look Into The Eyes of Their Policyholders
- It’s a New Dawn for the ITA
INSURANCE IT NEWS
- Sapiens DECISION Recognized as a “Hot Vendor in Digital Business Platforms, 2017”
- DATAMATX Announces Prelude Software as New Solutions Partner
- Quadient Appoints Christian Hartigan President and General Manager of the Americas
- Gibraltar BSN Life Berhad Selects Majesco Distribution Management and Majesco Digital Solutions
- Desjardins General Insurance Group Deploys EIS Suite for Commercial Lines
- Acuity Modernizes Customer Communications Management with OpenText Exstream and ValueMomentum
- COUNTRY Financial Joins Roost’s Home Telematics Program
- Roost partners with The Weather Company
The Email Chat is a regular feature of the ITA Pro magazine and website. We send a series of questions to an insurance IT leader in search of thought-provoking responses on important issues facing the insurance industry.
ITA is pleased to present the 2014 Webinar Series. We have many topics for you to choose from and attendance is open to all ITA members. The webinar topics are current and exciting — ranging from predictive analytics to telematics and will focus on the direction insurance carriers need to follow for the future. All webinars are presented by insurance IT professionals along with some of the leading analysts and consultants in the field. There is no cost to attend an ITA webinar. For more information and to register for the webinar, click the “title” of the webinar below.
BLOGS AND COLUMNS
It has become a common refrain over the past few years to view the practice of enterprise architecture (EA) as something that time has passed by, much... READ MORE
One important trend in society over the past decade is our increasing ability to create and consume a seemingly unlimited amount of digital content... READ MORE
You have surely heard it said that small businesses are the growth engine for America. Today, the phrase has a special ring to it for benefits... READ MORE
With stagnant growth and lingering low interest rates, the life insurance industry faces a challenging future... READ MORE
Finding insurance carriers willing to write commercial lines risks has always been a challenge for producers... READ MORE
As Guidewire Software prepares for the start of Connections, its 11th annual user conference that begins on Nov. 2, Brian Desmond, chief marketing... READ MORE
Fraud detection has always been and will continue to be a critical component of claims management. Learning the lessons from current claims Straight... READ MORE
- Vendor Views