The emergence of sophisticated attacks, particularly ransomware, has placed a cloud over the cyber insurance market. As a result, in recent years, more firms have sought insurance protection to transfer risk and ultimately safeguard themselves and their customers. However, neither carriers nor those seeking insurance have the capacity to automate cyber risk quantification.
The sophistication of cyberattacks and their frequency has resulted in a rise in demand for policies and rising prices. Several carriers have increased rates by 30% to 50%, as well as enacting more stringent policy terms and coverage restrictions. According to some insurance brokers, carriers have reduced the amount of coverage offered by millions, and at least one major insurer, European insurance giant AXA, has stopped providing ransomware coverage altogether.
Ultimately, the cyber insurance industry is confronted with three major problems. When it comes to obtaining data and analyzing a company’s cyber risk exposure, insurance underwriters use a very manual, point-in-time method. However, these underwriters are unable to link loss data to vulnerabilities, insufficient controls, misconfigured hardware or software, or an attacker’s ability to successfully infiltrate a vital application or system. Security evaluations are performed only once before binding coverage and are not repeated until the policy is due to be renewed. Security evaluations performed on behalf of an underwriter are frequently never disclosed with the firm seeking insurance.
By Miles Tappin, Vp of EMEA of ThreatConnect. Read more of the story here: https://www.financederivative.com/the-insurance-industrys-saving-grace-automated-cyber-risk-quantification/