Insurers Face Cyber Risk Challenges from All Directions
Mitchell Wein | July 28, 2015
The NAIC Executive (EX) Committee recently established the Cybersecurity (EX) Task Force to act as a focus point for cybersecurity insurance regulatory activities. The task force held its first meeting on March 29, in Phoenix. Just before this meeting, the Task Force released its draft Principles for Effective Cybersecurity Insurance Regulatory Guidance.
The message is clear, there will be regulatory pressure to do something around cybersecurity. The National Institute of Standards and Technology framework (NIST) will act as the basis of the eventual recommendations, with the understanding that what is expected will be practical, consistent, flexible and scalable.
Additional data on the sale of cyber insurance products will be used to help regulators with financial oversight. As we reported in our Executive Brief on Cyber Risk trends in August 2014, insurers have been thinking about how to price and underwrite these risks for some time.
- In March 2014, AIG introduced a new product called CyberEdgePC that covered property damage and bodily injury.
- Insurance Journal reported in an article a year ago that TSC Advantage has also enhanced its cyber risk assessment Threat Vector Manager (TVM) technology for commercial organizations, critical infrastructure, and the public sector. That product offered customers security controls in areas including insider threat, physical security, mobility, data security, internal business operations, and external business operations.
Cyber risk coverage that has emerged in the last few years has included business interruption, rewards for capturing criminals, crisis management, cyber extortion of the network, data breach and complying with regulations, identity theft, and liability from defense costs, settlements, judgments, and punitive damages.
How does a cyber-liability policy get priced? Not easily. As NAIC correctly points out, insurers will be interested in risk-management and disaster recovery protection of a firms network, data, digital assets, physical assets, and intellectual property.
Insider risk from employees and third parties in the supply chain will need to be evaluated as well. The Target store breach, which stole credit card data, was achieved through malware being installed on the security and payments system though a trusted third-party supporting store heating and air conditioning equipment. The breach cost $150 million and Target’s reputation, not to mention the CEO and CIO’s jobs. Insurers will need to be very interested in employee access to systems and data access.
Of course, traditional protection like antivirus and anti-malware software, the frequency of updates and the performance of firewalls will be considered as well. The problem is complex, and the risk unknown. The risk continues to increase as the insurance business becomes more digital and smart devices proliferate, creating new attack vectors.
As a result, the cost is high for the insurance, and the insurers are limiting how much they will cover. A 2014 Crawford & Company study “The Future of Cyber Insurance” revealed few carriers are willing and able to indemnify over $50 million with the majority writing a maximum limit of $10 million or less. Today, the market to underwrite cyber risk is dominated by American International Group Inc., ACE Ltd., Chubb Corp., Zurich Insurance Co. Ltd., and Beazley Group Ltd.
As a growing number of firms require their vendors to purchase cyber coverage, the loss experience will become more extensive allowing for more accurate pricing of risk. This lack of experience is complicated by a shortage of people with the skills needed to assess the risk. As a result, cyber loss control services are starting to emerge as well. Marsh just launched Cyber Monitor and Cyber view in partnership with Cyence, a cyber-security analytics service provider, to look at threat indicators and security analytics.
NAIC’s task force will be responding to this by looking at the protection of information housed in insurance departments and the NAIC; the protection of insurer-held consumer data; and collecting information on cyber-liability issued policies. Inevitably, regulation will emerge in the U.S. as time goes by, both at a federal and state level.
Regulatory enforced reviews of carriers providing cybersecurity risk management and insurance coverage has begun to occur. Federal and state insurance regulators will also be looking to make a positive impact on this emerging insurance market.
The challenge is this: How does the carrier protect itself from cyber risk and assess how other firms the carrier insures protect themselves? Only time will tell how the challenge is met.
- Electronic Chat with Larissa Tosch
- Martha Notaras Will Join ITA LIVE 2019 as a Keynote Speaker
- Five Things to Consider When Evaluating Your Cyber Risk
- ITA Pro Magazine, January/February 2019
- Major Ransomware Attack Could Hit U.S. with $89B In Economic Damages
- ITA Announces 1st of Three Keynote Speakers at ITA LIVE 2019
- Electronic Chat with Jeroen Morrenhof
- Legacy Systems Are Dead. Really? Don't Count On It.
- Now Accepting Nominations for the 2019 ITA Bridge Awards
- It's time to register for ITA LIVE!
- Registration is Now Open for ITA LIVE 2019!
- What to Expect from a Digital Experience Platform Implementation
- ITA Pro Magazine September Edition is Now Available
- It's National IT Professionals Day
- Save the Date for ITA-LIVE 2019
- OneShield Software and UrbanStat Work Together to Improve Real-Time Analytics and Risk Decision-Making
- ITA LIVE 2019 - SAVE THE DATE!
- Insurance Technology Association Announces New Editor-in-Chief
- August 2018 Edition ITA Pro Magazine is Now Available
- Enterprise Architecture in an Agile World
- Top 10 Tips for Securing Your Mobile Devices and Sensitive Client Data
- Industry Insight: 4 Global Insurance Trends in Digital, Data, Content Services and Security
- Diving Deeper into Prioritizing Your Strategic Digital investments
- Why Content Rules
- How Mass Personalization Will Open the Small Business Benefits Market
- At Year End 2017, Will Your Organization Be Protected from Cyber Risks?
- Do Insurance Bots Dream of Mitigating Risk?
- Conditioned to Respond
- Managing & Mobilizing Insurance Data in a Connected World
- Race to the Finish Line
- New Tools, New Opportunities in Claims
- ITA LIVE: Reaching Insurance Industry Crossroads
- Advice to Insurance IT Leaders: Keep Your Eye on the Ball
- New Date, Venue for ITA LIVE 2017
- Guidewire Makes Major Push to Small and Midtier Market by Acquiring ISCS
- Insurance Disruption is Happening Right Now
- Insurity Adds Strategic Investment Partner, General Atlantic
- Beyond Transformation: The Convergence of Finance, Risk, and Actuarial Functions
- The Rapid Evolution of Consumer Protection Regulation
- Talent Hunt: Finding, Attracting, Retaining Top People
- Insurers Flexing Their Distribution Models
- Technology Driving Disruption in Insurance
- Fear of ‘Next Bubble’ Challenges Life, Annuity Carriers
- Technology Allows Commercial Lines Insurers to Stand Out
- Single Sign-on Viewed as Biggest Tech Challenge for Agencies
- ISCS Observes 20th Anniversary; Scurto Predicts Major Changes Ahead
- Policyholders and Their First Impressions
- Progressive Making Progress on the UBI Front
- High and Dry: Insurers Search for Disaster Recovery Plans
- Insurers Sign The (Un)Dotted Line
- Reflections of a Retired Insurance CIO
- Mobile Device Management Just One Answer to BYOD Issue
- Lessons from GEICO and Progressive on Winning the Critical Buying Stage
- You Are a Target for a Cyber Attack
- Web-based Systems are the Next Evolution in Claims Technology
- Gaining a “Wow” Experience from Web Users
- Time to Shift from Business/IT Alignment to Business/IT Alliance
- Healthcare Insurers Changing to Consumer Model
- Organization is the Key for Selecting Software Vendors
- Analysts Expound on the Needs of the Mid-tier Insurance Market
- Finding the Cure for Obamacare’s Website
- New Software Solutions Benefit Insurers on the Inside and Outside
- Products, Market Impede Investment in Systems for Life Insurers
- Combatting Cyber Threats: Predict, Prevent, Persist
- The Future of Telematics Heads Beyond Insurance
- The Shame in Cyber Security Lapses
- Building Policy Administration Systems for the Future
- Insurers Look Into The Eyes of Their Policyholders
- It’s a New Dawn for the ITA
INSURANCE IT NEWS
- Steve Kronsnoble Joins CastleBay Companies as Insurance Principal Consultant
- Electronic Chat with Larissa Tosch
- Instec Expands Insurance Expertise with Hiring of Industry Veteran CJ Lotter
- Group Insurers Investing in Tech to Drive Customer Acquisition and Retention, Says Novarica
- RLI Selects DataCubes to Optimize Certain Underwriting Processes
- Reinsurance Software WebXL Version 4.3 Released by Prima Solutions-Effisoft Group
- Direct Online Could Grow to 12% of Small Commercial Insurance Market by 2023, Says Novarica
- David Fisher joins FRISS board as non-executive member
The Email Chat is a regular feature of the ITA Pro magazine and website. We send a series of questions to an insurance IT leader in search of thought-provoking responses on important issues facing the insurance industry.
ITA LIVE 2019
The tide is up! It's time to register for ITA LIVE 2019, our annual educational and networking conference! Our theme is "The InsurTech Revolution: Cutting Through the Hype." and we'll be bringing in a torrent of industry thought leaders, amazing insight and wonderful perspectives on the world of insurtech and its impact on the insurance landscape.
ITA LIVE 2019 will present real-life examples of true startup technologies that are helping insurers gain real advantage -- and a competitive edge -- in the marketplace. We’ll highlight the more successful InsurTech partnerships, while offering case studies that demonstrate exciting innovation and cutting-edge techniques impacting all aspects of the insurance ecosystem.
Ride the wave to LIVE 2019. Sign up today! We look forward to seeing you in May, 2019!
BLOGS AND COLUMNS
This month, the ITA celebrates Insurance Careers Month and encourages carriers, brokers, agents and our industry associations to plan their own... READ MORE
Customization in the general sense has a very positive connotation. However, in the world of software systems, customization quite often falls short... READ MORE
You have surely heard it said that small businesses are the growth engine for America. Today, the phrase has a special ring to it for benefits... READ MORE
With stagnant growth and lingering low interest rates, the life insurance industry faces a challenging future... READ MORE
Finding insurance carriers willing to write commercial lines risks has always been a challenge for producers... READ MORE
As Guidewire Software prepares for the start of Connections, its 11th annual user conference that begins on Nov. 2, Brian Desmond, chief marketing... READ MORE